What's VoIP Got to Do with GLBA Data Privacy?
The Gramm-Leach-Bliley Act (GLBA) may not appear to have any link to the Voice over IP (VoIP) technology being implemented in financial institutions, but IT departments and information security officers should look closely at how the new phone systems may be audited under GLBA regulations. GLBA audits would focus more on data privacy, specifically under Section 501 Subtitle A, which requires companies to ensure the security and confidentiality of customer records and information. Companies also need to protect against any anticipated threats or hazards to the security and integrity of these records, and against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.
A VoIP network has all the same security threats as an IP data network. All the steps to protect an IP data network should be taken in locking down a VoIP network.
For more information: http://www.cuinfosecurity.com/regulations.php?reg_id=42
(See NIST Special Publication 800-58, Security Considerations for Voice over IP Systems)