What GLBA Means for You at Work

Introduction

If your employer is a financial institution and you handle customer financial data, even casually or only occasionally, you are working under a federal law called the Gramm-Leach-Bliley Act (GLBA).

Enacted in 1999, the GLBA is best known for its provisions protecting customers' nonpublic personal financial information. It may sound intimidatingly legal and complex, but it matters in your day-to-day role.

The law is usually described as having three pillars: the Financial Privacy Rule, the Safeguards Rule, and its pretexting provisions.

The Privacy Rule

Customers must receive a privacy notice explaining how the institution collects and shares their information, and they have the right to opt out of some types of sharing with nonaffiliated third parties. In practice this means the organization must be transparent about who can see what type of data.

Companies must be open with customers about:

  • What data is collected.

  • How it is used or shared.

  • Who it is shared with.

For you, that means treating customer information as confidential by default. Whether it is an email address or a bank account number, the same duty of care applies to every piece of customer data you can access.

The Safeguards Rule

Under this pillar, organizations must protect customer data with both technical and operational controls. The FTC's amended Safeguards Rule (compliance deadline June 2023) spells out requirements such as a written information security program, risk assessments, access controls, encryption of customer information in transit and at rest, and multi-factor authentication for anyone accessing customer information. The operational side matters just as much: sensitive information left printed on your desk for any passerby to read is as dangerous as credentials left exposed on the web.

Protecting that data includes:

  • Strong, unique passwords kept in a password manager

  • Multi-factor authentication everywhere it is available

  • Locking your computer when you step away, and careful email habits

  • Regular security training

Your everyday actions (such as pausing before clicking, locking your screen, and using approved tools) are therefore vital defenses in the fight against cybercrime.

The Pretexting Rule

These provisions target pretexting: a threat actor posing as someone else (a customer, a colleague, an executive, or a vendor) to obtain private information under false pretenses. They may phone the help desk or send an email claiming to need access to an account. Because people tend to trust familiar names and defer to authority, these requests are designed to make the target react without thinking.

To protect the private data under your care, follow basic cyber hygiene. Verify any request you are unsure about through a channel you already trust, not the one the requester supplied. Check the employee handbook or ask a supervisor, and reassess the situation before a moment of curiosity or urgency becomes a risk.

How The Three Pillars Fit Together

The Gramm-Leach-Bliley Act works because of these three “rules” standing together.

  1. Privacy ensures transparency with customers.

  2. Safeguards protect data from being stolen or exposed.

  3. Pretexting provisions guard against manipulative schemes such as phishing and impersonation.

Practicing only two of the three leaves a gap that attackers will find. When you follow all three pillars, your workplace, personal, and customer data all stay more secure.

Case Study: Blackbaud (2020 Breach, 2023-2024 Enforcement)

Blackbaud, a cloud software provider for nonprofits, schools, and healthcare organizations, suffered a ransomware attack in 2020 in which attackers accessed the personal data of millions of its customers' donors and constituents. Blackbaud took roughly two months to notify its customers and initially understated what had been taken, which included bank account numbers and Social Security numbers. In February 2024 the FTC announced a settlement order (finalized that May) citing inadequate safeguards, including missing multi-factor authentication, weak monitoring, and excessive data retention, along with misleading breach disclosures. Note that the FTC charged Blackbaud under the FTC Act rather than the GLBA Safeguards Rule, and the FTC order itself carried no fine; the money came from a $49.5 million multistate attorneys general settlement in 2023 and a $3 million SEC penalty, also in 2023, for misleading investors about the breach. The failures the regulators named are exactly the ones the Safeguards Rule exists to prevent.

Use this as a lesson that data protection obligations are not theoretical. Regulators do enforce them, and even when your systems are strong, an incident can still turn into an enforcement action when processes or disclosures fail.

How You Can Keep Data Private

Remember, you’re not just working with data. You’re supporting compliance and protecting customer trust.

  • Privacy is personal. Sharing data carelessly can undermine trust.

  • Security is shared. Your actions help keep systems secure, because security is not just IT’s job.

  • Deception can hide in plain sight. Be alert, verify, and protect your information.

  • Compliance is real. Violating data privacy laws can result in fines and public scrutiny, potentially damaging your professional reputation and jeopardizing your job security.

At the end of the day, ask yourself: Would I want my own confidential information treated this way? If the answer is no, then you probably need to practice more caution.

Use only approved tools and platforms, and don’t let the routineness of cyber hygiene inhibit your alertness.

Conclusion

GLBA is not a distant, high-finance law that only lawyers need to read; it is part of your everyday workplace reality. When you handle customer data responsibly, follow security best practices, and stay vigilant about scams, you are not just doing your job. You are also upholding ethical standards and preserving customer trust.

What it comes down to is this: Always treat sensitive data with care!
