GLBA and Concentric AI: a Technical Explainer

July 5, 2023
Cyrus Tehrani

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a critical piece of legislation that has had a significant impact on the United States financial industry. This Act was primarily designed to regulate the way financial institutions handle the private information of individuals.

Prior to GLBA, financial institutions such as banks, insurance companies, and brokerage firms operated in isolation — unable to merge or share information. The GLBA revolutionized the financial landscape by permitting these institutions to consolidate and exchange information under specific conditions.

The GLBA is composed of three key rules:

The Financial Privacy Rule requires financial institutions to provide each customer with a privacy notice at the start of the business relationship and annually thereafter. This notice must include the information the institution gathers about the customer, where this information is shared, and how the institution protects that information.

The Safeguards Rule requires all financial institutions to implement a security plan to protect the confidentiality and integrity of personal consumer information. The rule ensures that sensitive customer data is adequately protected from potential threats.

The Pretexting Rule of the GLBA prohibits the acquisition of personal information through false pretenses, including fraudulent statements and impersonation. This provision is designed to prevent unauthorized access to personal information.

Ultimately, the GLBA is all about the importance of privacy in the modern financial landscape. It plays a pivotal role in the financial industry by striking a balance between a) the need for financial institutions to share information for operational efficiency, and b) the requirement to protect the privacy and security of consumers’ personal data.

How Concentric AI helps with GLBA compliance

Due to the complexity of today’s threat landscape, data breaches are far too common and compliance requirements are increasingly stringent. To help you address these critical business needs, Concentric AI offers a robust solution that navigates the complex landscape of data privacy and protection.

Data discovery and categorization

First, Concentric offers comprehensive data discovery and categorization of your sensitive financial data. In the context of GLBA, this means that financial institutions can accurately identify and categorize all the sensitive financial data they hold. As the volume of data grows exponentially due to factors such as cloud migration and remote work, this feature becomes increasingly critical.

Concentric’s Semantic Intelligence solution uses advanced machine learning technologies to autonomously scan and categorize data, whether it’s financial data, PII, or business confidential information, regardless of where it’s stored – structured or unstructured, on-prem or in the cloud. The Risk Distance analysis functionality can autonomously identify PII, learn how it’s used, and determine whether it’s at risk.

Data classification

Concentric classifies all your financial data with context, checks each item’s classification and compares it to similar peer data, and identifies unclassified and misclassified data without needing manually maintained rules or policies. Risk Distance™ analysis autonomously compares data to its peers and instantly detects inappropriate permissions, inaccurate entitlements, risky sharing, and unauthorized access.

Risk monitoring

Another key component of Concentric’s platform is autonomous risk monitoring. This feature allows you to continuously monitor data for risk, a task that is not only difficult but also time-consuming for IT and security teams. With Concentric, you can autonomously discover how sensitive financial data is being used, who it is being shared with, and who accessed it. This enables you to quickly and accurately pinpoint risks from inappropriate permissioning, risky sharing, and unauthorized access, all of which are crucial for GLBA compliance.

Compliance

Concentric’s ability to accurately identify and classify sensitive data and autonomously remediate risk enables you to meet regulatory and security mandates like GLBA. In doing so, it allows you to demonstrate control to auditors and implement zero-trust access practices. Our autonomous remediation feature fixes access issues and reduces the odds of data loss or governance violation.

More than just compliance

Our customers are successfully using our product in production for petabytes of data for:

Book a demo today to see firsthand — with your own data — how Concentric’s solution can quickly and easily be deployed to keep up with GLBA in your organization.
