US law governing how financial institutions handle non-public personal information (NPI); FTC Safeguards Rule applies.
The Gramm–Leach–Bliley Act requires financial institutions to explain their information-sharing practices and to safeguard sensitive non-public personal information (NPI). The FTC Safeguards Rule (16 CFR Part 314) — amended in 2023 — sets specific technical requirements including MFA, encryption, and an incident-response plan.