Introduced in 1999 while removing barriers in the market among banks, insurance agencies, and investment institutions, the Gramm-Leach-Bliley Act (GLBA, http://www.ffiec.gov/exam/infobase/documents/02-con-501b_gramm_leach_bliley_act-991112.pdf) also established a set of rules and regulations that protect consumer privacy and secure consumers' data.
Section 501(b) of GLBA requires organizations to establish financial institution standards for protecting the security and confidentiality of said financial institution's customers' non-public personal information. These standards relate to administrative, technical, and physical safeguards:
- to insure the security and confidentiality of customer records and information;
- to protect against any anticipated threats or hazards to the security or integrity of such records; and
- to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
The Federal Trade Commission helps define which organizations should satisfy the regulations. These are some examples:
- Loan lenders
- Foreign exchange companies
- Money transfer companies
- Hedge fund management companies
- Equity investment companies
- Insurance companies
- Mortgage brokers
- Asset management firms
- Financial advisers
- Financial brokers
- Credit companies
Using data masking in institutional standards helps organizations adhere to Section 501(b).
It helps conceal sensitive data both in development environments and in production. In production, organizations often substitute sensitive values for use by personnel with limited access to data. An example of such a situation is an offshored billing or other BPO operation that handles sensitive data.
It is customary for financial institutions to mask names, dates of birth, Social Security and tax ID numbers, accounts, and credit card numbers.