Which act protects the privacy of personal identifiable information and sets guidelines for securing that financial information?

This question tests understanding of which law governs the privacy of personal financial information and sets security requirements for that data. The Gramm-Leach-Bliley Act (GLBA) is designed to protect consumers’ nonpublic personal information held by financial institutions. It requires these institutions to provide privacy notices about how information is shared, gives customers the option to opt out of certain sharing, and mandates safeguards to protect that information. The Safeguards Rule specifically requires a written information security program with administrative, technical, and physical safeguards, along with ongoing risk assessments, to protect nonpublic personal information.

In contrast, other laws address different areas: FISMA focuses on protecting federal information systems, HIPAA protects health information, and FERPA protects student education records. So GLBA is the act that fits the description.