Which act related to personal financial information includes requirements for Business Continuity and Disaster Recovery (BCDR) capabilities?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The Gramm-Leach-Bliley Act (GLBA) is the correct choice because it specifically addresses the protection of personal financial information held by financial institutions. One of the key requirements under the GLBA is the implementation of appropriate measures to manage risks related to the confidentiality and integrity of such information. This includes provisions for Business Continuity and Disaster Recovery (BCDR) capabilities to ensure that organizations can continue to operate and protect consumer information in the event of a disaster or disruption.

GLBA's focus on BCDR capabilities aligns with its aim to safeguard sensitive financial data. Financial institutions must assess risks, develop plans, and ensure operational resilience to maintain consumer trust and comply with federal regulations. By integrating BCDR planning into their overall security strategy, organizations can more effectively protect personal financial information and respond to emergencies.

In contrast, while the Sarbanes-Oxley Act (SOX) emphasizes financial governance and internal controls, it does not specifically mandate BCDR capabilities related to personal financial information. Disaster Recovery as a Service (DRaaS) is a solution for implementing disaster recovery but is not an act and thus doesn’t set regulatory requirements. The Federal Financial Institutions Examination Council (FFIEC) provides guidelines and standards for financial institutions but doesn’t impose
