A large U.S. bank has a legal department that ensures they follow every law and regulation that has been passed in the jurisdictions where they operate. Which of the following regulations might require them to notify customers as soon as possible after a security breach unless the notifications would interfere with an investigation being conducted by law enforcement agencies?

a. GDPR
b. PIPEDA
c. Gramm-Leach-Bliley Act
d. HIPAA

Asked by User JimSan (8.7k points)

1 Answer


Final answer:

The Gramm-Leach-Bliley Act (GLBA) is the U.S. law that requires financial institutions to notify customers after a security breach, unless such notification would hinder law enforcement investigations.

Step-by-step explanation:

In the context of U.S. banking regulations, the law that often requires financial institutions to notify customers as soon as possible following a security breach is the Gramm-Leach-Bliley Act (GLBA). This federal law mandates that financial institutions, which include large banks, must protect the sensitive data of their clients and report any unauthorized access to this data. The GLBA specifically includes provisions for customer notification in the event of a security breach, unless informing customers would interfere with law enforcement investigations. Although the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA) also have similar requirements, they are not U.S. laws—GDPR is European Union legislation, and PIPEDA is Canadian. On the other hand, the Health Insurance Portability and Accountability Act (HIPAA) does concern itself with privacy and data protection but is specific to healthcare information, not banking.

Answered by User Karl Reid (7.4k points)