GLBA Data Compliance with Streamdal

We're updating our documentation, so the presented info might not be the most recent.
Beta

The data compliance features of Streamdal are currently in beta, and being tested with a select group of contributors, companies, and design partners. If you would like to participate in the beta, please reach out to us.

The Gramm-Leach-Bliley Act (GLBA) covers a wide range of financial institutions. A significant factor in complying with the GLBA is safeguarding sensitive data, which Streamdal can help with.

Streamdal’s Approach

You can leverage Streamdal for:

Automation with ‘Risk Assessments’ for all your data: While many developers might be satisfied with just the CLI for data observability, security professionals or other operational and non-technical parts of an organization can access the Console UI to get an always up-to-date view of all the data that moves in their systems.

Streamdal adds significant automation for risk assessments on data, and equips organizations with new powerful mechanisms to help surface ‘unknown unknowns’ in their data security.

Safeguards for controlling identified risks: Using Streamdal to implement granular governance rules on data moving across your systems will bolster your methods of risk mitigation. This can greatly limit the “unauthorized disclosure, misuse, alteration, destruction, or other compromise” of sensitive information.

Adjusting Data Policies: As your systems mature and require greater data governance, Streamdal allows you to easily change how data is handled in real time. For example, you could begin obfuscating or de-identifying parts of sensitive data, or adjust the boundaries within which data may reside, all in real time and without recompiling or changing your CI/CD.

Coming Soon: A visual guide on setting up GLBA-specific rules in the Console UI.

Regulatory Insights

We wanted to make researching the relevant data regulations easier and give a better idea of where Streamdal could be the most impactful for your organization. In most cases, the combination of the observability and data governance capabilities will ensure successful compliance.

While more sections could be applicable, below are a few taken from the GLBA [1] as archived in the U.S. Code of Federal Regulations, along with how Streamdal can help with data compliance:

§ Section: § 314.3 Standards for safeguarding customer information (a)
How Streamdal helps comply: The Streamdal SDK can ensure that data in motion complies with your organization’s data security policies by filtering, alerting, or rejecting data based on content rules.

For example, you can implement rules to reject data that contain plaintext passwords or other sensitive information.

§ Section: § 314.4 Elements (c)(1)(2)(4)(6)
How Streamdal helps comply: Weaving the Streamdal SDK process() into all of your services means that, regardless of scale, you will always have an up-to-date view in the Console UI of the flow of data in your systems, making discovery and management simple and easy.

Based on the rules you set up, the SDK can determine and restrict who can consume and access data, fortifying data security. These same rules can also restrict the movement of data once it has passed its retention period, effectively ensuring that data scheduled for secure disposal is not re-introduced into other environments.

§ Section: § 314.4 Elements (g)
How Streamdal helps comply: The rules you create in the Console UI can be as flexible and dynamic as you need, and you can adjust them on the fly and in real time. For instance, if a new vulnerability is discovered in the storage of an on-prem server, you can easily attach rules to your producers and consumers that prevent sensitive data from entering that server.
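To make the three kinds of content rule in the table concrete (reject plaintext credentials under § 314.3(a), stop data past its retention period from moving under § 314.4(c), keep NPI out of a storage location with a known weakness under § 314.4(g), and de-identify what is allowed through), here is an added stand-alone Python illustration of such a policy check. It is not the Streamdal SDK or Console rule format; the field names, the 365-day retention period, the quarantined destination name and the sample records are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from datetime import date

# Assumed rule parameters for this illustration (not Streamdal defaults).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")   # NPI pattern used for detection/masking
PASSWORD_KEYS = {"password", "passwd", "pwd"}   # field names that carry credentials
RETENTION_DAYS = 365                            # assumed retention period
QUARANTINED_DESTS = {"onprem-fs-01"}            # assumed: a store with a known storage flaw

@dataclass
class Decision:
    action: str            # "pass", "modify" or "reject"
    record: dict           # the record as it may be forwarded (masked if "modify")
    reasons: list = field(default_factory=list)

def evaluate(record: dict, destination: str, today: date) -> Decision:
    """Apply the content rules to one record bound for `destination`."""
    # Rule 1 (§ 314.3(a)): never forward a payload carrying a plaintext credential.
    if any(str(k).lower() in PASSWORD_KEYS and record.get(k) for k in record):
        return Decision("reject", record, ["plaintext credential in payload"])
    # Rule 2 (§ 314.4(c)): data past its retention period must not move on.
    collected = date.fromisoformat(record.get("collected_on", today.isoformat()))
    if (today - collected).days > RETENTION_DAYS:
        return Decision("reject", record, ["past retention period"])
    # Rule 3 (§ 314.4(g)): NPI may not enter a quarantined destination.
    has_npi = any(isinstance(v, str) and SSN_RE.search(v) for v in record.values())
    if has_npi and destination in QUARANTINED_DESTS:
        return Decision("reject", record, [f"NPI blocked from {destination}"])
    # Otherwise de-identify any SSN in place before forwarding.
    out, reasons = dict(record), []
    for k, v in out.items():
        if isinstance(v, str) and SSN_RE.search(v):
            out[k] = SSN_RE.sub("***-**-****", v)
            reasons.append(f"masked SSN in {k}")
    return Decision("modify" if reasons else "pass", out, reasons)

if __name__ == "__main__":
    # Constructed sample record; not real customer data.
    sample = {"name": "A. Sample", "ssn": "123-45-6789", "collected_on": "2024-01-15"}
    print(evaluate(sample, "analytics-db", date(2024, 6, 1)))
```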
Information

Did you know:

The Privacy Rule guards “nonpublic personal information” (NPI), which is private financial data collected by institutions unless it’s public. NPI doesn’t include info deemed lawfully public unless the person opts to keep it private, like an unlisted phone number [2].

Rely on Streamdal to help keep your sensitive data GLBA-compliant anywhere it can move!


Footnotes

  1. Code of Federal Regulations (2021). Title 16 Commercial Practices. In Chapter I Federal Trade Commission, Subchapter C Regulations Under Specific Acts of Congress, PART 314—STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION (§ 314.3 (a) Standards for safeguarding customer information; § 314.4 (c)(1)(2)(4)(6) Elements; § 314.4 (g) Elements). Electronic Code of Federal Regulations. https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314

    This part, which implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act, sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

  2. Federal Trade Commission. (2002). How to comply with the privacy of consumer financial information rule of the Gramm-Leach-Bliley Act. https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act