Certified Cloud Security Professional (CCSP) Practice Exam 2025 – All-in-One Guide to Ace Your Certification!

Question: 1 / 400

Which regulation is designed to control financial institutions' handling of private information?

A. HIPAA

B. EU GDPR

C. GLBA

D. SOC 1

The correct answer is C. GLBA (Gramm-Leach-Bliley Act). GLBA, also known as the Financial Services Modernization Act of 1999, is a United States federal law that requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. It mandates that financial institutions establish information security programs to protect customers' nonpublic personal information.

The other options are not specifically designed to control financial institutions' handling of private information:

A. HIPAA (Health Insurance Portability and Accountability Act) focuses on safeguarding protected health information within the healthcare industry.

B. EU GDPR (General Data Protection Regulation) is a regulation in EU law concerning data protection and privacy for all individuals within the European Union and the European Economic Area but is not specifically targeted at financial institutions.

D. SOC 1 (Service Organization Control 1) is an auditing standard that focuses on controls relevant to financial reporting, specifically for service organizations, and not primarily on the protection of private information within financial institutions.
