What is the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals. The Act consists of three sections: the Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information; and the Pretexting provisions, which prohibit the practice of pretexting, or accessing private information using false pretenses. The Act also requires financial institutions to give customers written privacy policy notices that explain their information-sharing practices.
The GLBA repealed large portions of the Glass-Steagall Banking Act of 1933 and the Bank Holding Company Act of 1956. It amended the rules to permit banks, brokerage houses and insurance firms to merge. This created a new structural framework whereby a bank holding company could acquire full-service investment banks and insurance companies, while allowing the latter types of firms to form holding companies to acquire banks. As a consequence of GLBA, the U.S. Federal Reserve was granted expanded supervisory power to regulate these new types of financial structures.
What is the purpose of GLBA?
The standards established by GLBA complement data security requirements imposed by the Federal Deposit Insurance Corporation (FDIC). The purpose of the GLB Act is to ensure that financial institutions and their affiliates safeguard the confidentiality of personally identifiable information (PII) gathered from customer records in paper, electronic or other forms. The law requires affected companies to comply with strict guidelines that govern data security.
According to the law, financial institutions have an obligation to respect their customers' privacy and securely protect their sensitive personal information against unauthorized access.
GLBA compliance requires that companies develop privacy practices and policies that detail how they collect, sell, share and otherwise reuse consumer information. Consumers also must be given the option to decide which information, if any, a company is permitted to disclose or retain for future use.
A related requirement governs data storage and security as part of a comprehensive written information security policy. This objective addresses protections against "any anticipated threats or hazards" to data that could result in "substantial harm or inconvenience" to consumers.
GLBA's PII guidelines apply to any non-public personal information, which is defined as information a customer may provide to facilitate a transaction or which is otherwise obtained by the institution.
Data covered by GLBA
GLBA compliance is intended to decrease the likelihood an organization will have a data breach and face the resulting fallout, including significant financial and legal penalties and damage to its reputation. GLBA has become a top priority for chief information security officers and other IT professionals charged with managing corporate data.
Best practices have emerged, including internal risk assessments, periodic testing of internal controls and ensuring third-party compliance by business partners and service providers. Practical advantages of the law's requirements include an increased ability to identify critical data, eliminate data errors, locate dark data, improve consolidation and enhance data classification.
Data that falls under the requirements of GLBA includes the following:
- addresses;
- bank account and financial data;
- biometric and related data;
- birth dates;
- car dealers;
- credit history (including property records or purchasing history);
- education level and academic performance;
- employment data;
- inferences drawn from other data;
- internet and other electronic information;
- geolocation data;
- names;
- personal income;
- Social Security data; and
- tax information.
Organizations regulated by GLBA
The passage of GLBA coincided with the emergence of internet technologies for transacting business, which in turn generated reams of new data and new ways of accessing data. The law broadened the definition of companies classified as financial institutions.
GLBA regulates any institution significantly engaged in financial activities. Even organizations that do not disclose non-public personal information are required by GLBA to develop a policy to protect information against potential future threats.
In addition to banks, brokerage firms and insurers, GLBA applies to companies that process loans or otherwise assume credit risk. Any organization that falls within the scope of GLBA must comply with its provisions, although individual states have the power to enact more stringent privacy regulations, as is the case in California and Virginia.
Professions and businesses subject to GLBA's provisions include:
- accountants
- ATM operators
- car rental companies
- courier services
- credit reporting companies
- credit unions
- debt collectors
- financial advisory firms
- hedge funds
- non-bank mortgage lenders
- payday lenders
- property appraisers
- real estate firms
- retailers
- stockbrokers
- tax preparers
- universities
How GLBA compliance works
GLBA is broken into three main sections, each of which defines a subset of rules that govern compliance. The three sections include the following:
Financial Privacy Rule
This rule, often referred to as the Privacy Rule, places requirements on how organizations may collect and disclose private financial data. An organization must give "clear and conspicuous notice" of its privacy policy at the start of a customer relationship. Subsequently, customers must get an annual notice for the duration of the relationship, unless the organization meets certain criteria.
The Privacy Rule outlines which data will be collected, how it will be used and shared, who has access to it and the policies and procedures used to protect it. As required by the Fair Credit Reporting Act, customers are to be notified of the privacy policy annually, including the right to opt out of sharing information with unaffiliated third-party entities. If a customer agrees to share information, the organization must abide by the provisions of the original privacy notice.
Safeguard Rule
As the name implies, steps to ensure information security are the key focus of GLBA's Safeguard Rule. The Federal Trade Commission (FTC) issued this rule in 2002 and continues to enforce it. The rule instructs organizations to implement administrative, physical and technical protections as safeguards against cyber attacks, email spoofing, phishing schemes and similar cybersecurity risks.
The rule also requires that an organization designate at least one person to be accountable for all aspects of the information security plan, including its development and regular testing. Data encryption and key management are recommended as best practices, but they are not FTC requirements under the Safeguard Rule.
Pretexting Rule
This rule aims to prevent employees or business partners from collecting customer information under false pretenses, such as through social engineering techniques. Although GLBA does not have specific requirements regarding pretexting, prevention usually entails building employee training on recognizing and avoiding pretexting scenarios into the written information security document.

Who enforces GLBA requirements?
State and federal banking agencies have varying degrees of authority to enforce GLBA provisions. The FTC can take action in federal district courts against organizations that fail to comply with the Privacy Rule. Section 5 of GLBA grants the FTC the authority to audit privacy policies to ensure they are developed and applied fairly.
Enforcement of the Safeguard Rule remains with the FTC, although the Dodd-Frank Act in 2010 transferred new rulemaking authority to the Consumer Financial Protection Bureau (CFPB). Other federal agencies that play a role in GLBA enforcement include the Federal Reserve Board, the FDIC, the Office of Thrift Supervision and the Office of the Comptroller of the Currency. The responsibility for regulating insurance providers falls to individual states.
To avoid making compliance mistakes, a company may choose to hire independent consulting firms. These companies conduct a GLBA audit to assess an organization's information security posture and develop strategies to stay abreast of changing legal regulations.
Penalties for GLBA noncompliance
Failure to comply with GLBA can have severe financial and personal consequences for executives and employees. A financial institution faces a fine up to $100,000 for each violation. Its officers and directors can be fined up to $10,000, imprisoned for five years or both. Companies also face increased exposure and a loss of customer confidence.
Heightened awareness of security risks is among the benefits companies may derive from GLBA compliance, especially as hackers develop more sophisticated tools to breach computer systems. Aside from enhanced brand reputation, a company can gain new insights from existing data and improve its data management capabilities.
Recent GLBA cases brought by the FTC include:
- Ascension Data and Analytics. In 2020, the Arlington, Texas, company agreed to an undisclosed financial settlement after a vendor, OpticsML, was found to have stored customer financial information in plain text in insecure cloud storage.
- PayPal. The online payment processor agreed to pay $175,000 to the state of Texas in 2018 to settle GLBA and Federal Trade Act violations that compromised data security and privacy of customers using its Venmo peer-to-peer application.
- TaxSlayer. Hackers were able to access nearly 9,000 of the Augusta, Ga., online tax preparer's customer records for several months in 2015. The FTC said it failed to implement a comprehensive security program, including providing a privacy notice to customers, as required under GLBA. Under the settlement with the FTC, the company is prohibited from violating the GLBA's Privacy Rule and the Safeguards Rule for 20 years and is required to have a third party assess its compliance every two years for 10 years.
Criticism, problems and GLBA revisions
Critics of the GLBA have contended the measure's enforcement lacks the regulatory capabilities of the Health Insurance Portability and Accountability Act (HIPAA) and privacy regulations like those enacted in California. The GLBA places the responsibility on individuals to notify companies when they are opting out of data collection. The limited opt-out rights facilitate greater data sharing among larger entities, which is the opposite of what was intended, critics said.
Some economists blamed the GLBA for contributing to the 2008 financial recession. They argued the repeal of the Glass-Steagall Act opened the doors for banks to engage in speculative investments using short-term hedge funds and other high-yield, high-risk financial instruments.
Other financial experts claimed the GLBA played only a marginal role in the economic crisis. They pointed to a glut of Fannie Mae- and Freddie Mac-owned subprime mortgages that Congress directed be bought to supply affordable housing in low-income neighborhoods.
The CFPB revised the GLBA in 2018 to exempt some companies from the requirement to deliver annual privacy notices to customers under certain conditions. In general, financial institutions are exempted in two ways: if they restrict information sharing and don't trigger a customer opt-out requirement or if there are no changes to the privacy policy previously delivered to the customer. The CFPB said the revision conforms with GLBA amendments established by Congress.
GLBA and GDPR
GLBA and Europe's General Data Protection Regulation (GDPR) have different goals, but both define data security and consumer privacy. Whereas GLBA sets data privacy rules for financial institutions, GDPR encompasses any organization that processes an individual's personal data in the course of transacting business.
Like GLBA, GDPR encourages companies to be more transparent in how they capture and handle sensitive information. That includes individuals' personal data and any metadata that may be used to identify or characterize them.

In 2021, the Commonwealth of Virginia General Assembly passed the Virginia Data Protection Act, becoming the second U.S. state to enact regulations that toughen consumer protections. Virginia's law mirrors many provisions in the California Privacy Rights Act (CPRA). CPRA is an expanded version of the California Consumer Privacy Act, which guarantees individuals the right to know all personal information a company may collect. CPRA gives Californians and others broad authority to obtain, delete and restrict the use of any personal data. Any organization that transacts business in California may be subject to CPRA provisions.
Illinois, New York, Oregon, Texas and Washington are updating existing security laws, and the National Association of Insurance Commissioners has developed a model law to enable states to develop laws that uniformly protect personal data.

History of GLBA
The Gramm-Leach-Bliley Act is named for the lawmakers who sponsored it: Sen. Phil Gramm (R-Texas), Rep. Jim Leach (R-Iowa) and Rep. Thomas Bliley (R-Va.). The U.S. Senate passed GLBA by a 54-44 margin in May 1999. The U.S. House of Representatives approved a version of the act in July 1999 with a 343-86 vote. A revised version of the bill passed both houses -- by votes of 90-8 in the Senate and 362-57 in the House -- on Nov. 4, 1999; President Bill Clinton signed GLBA into law on November 12.
GLBA emerged during a wave of government business regulation in the late 1990s. Congress passed HIPAA in 1996 and the Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act in 2002.
Federal regulators had relaxed some Glass-Steagall prohibitions in the years leading up to the GLBA. These steps helped pave the way for commercial banks and securities investment firms to merge and sell integrated financial services. However, this development renewed data privacy concerns that had been simmering for several years.
The EU Data Protection Directive, a 1995 European law that imposed stricter requirements on U.S. firms, was emblematic of this concern. Any U.S. company providing products or services to EU citizens must afford them the same privacy protections as those imposed by data exchanges in their home countries. The European Union in 2016 approved the GDPR to replace the Data Directive law; the GDPR became effective in 2018.
In 1999, the year GLBA became law, U.S. Bancorp, based in Minneapolis, Minn., was sued by the state of Minnesota for peddling confidential customer data to a telemarketing firm that allegedly debited their accounts without permission. In 1999, Charter Pacific Bank, in Agoura Hills, Calif., was involved in a porn scam after selling access to a database of credit card accounts to a California-based business operation. According to the FTC, the company used fictitious names and fake merchant accounts to bill unsuspecting customers in excess of $40 million for access to porn websites. The FTC won a $37.5 million judgment against the owners of the business. Selling access to the credit card database was not illegal, so the bank escaped financial punishment.
FAQs
What is the main purpose of the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
What are the two main rules of the GLBA?
What Does the GLBA Require? The GLBA requires companies that qualify as “financial institutions” to take several affirmative steps in order to prevent the unauthorized collection, use, and disclosure of NPI. It imposes these obligations under two “Rules”: (i) the Privacy Rule, and (ii) the Safeguards Rule.
What is the main purpose of the Gramm-Leach-Bliley Act quizlet?
The GLBA's purpose was to remove legal barriers preventing financial institutions from providing banking, investment and insurance services together.
What are the three key rules of GLBA?
There are three major components of the Gramm-Leach-Bliley Act including a Financial Privacy Rule, Safeguards Rule, and Pretexting Protection.
Which of the following would not be covered by the GLB Act?
The answer is: D. Appraiser. The Gramm-Leach-Bliley Act requires financial institutions to give privacy notices to consumers, explaining their information-sharing policies.
Who enforces the Gramm-Leach-Bliley Act?
The FTC enforces these provisions with regard to entities not specifically assigned by the provision to the Federal banking agencies or other regulators. Also, Sections 131-133 of the Act (15 U.S.C.
What is required to be disclosed on a privacy notice?
This notice must state that you disclose nonpublic personal information about the consumer to nonaffiliated third parties, state that the consumer has a right to opt out of that disclosure, and provide a reasonable opportunity for the consumer to opt out (such as by requiring the consumer to decide whether to opt out ...
When must a customer receive a privacy notice?
Let's look at the when and who for each type of privacy notice. The regulation requires that all customers receive an initial notice no later than the time that a customer relationship is established and prior to the bank's disclosure of any of their nonpublic personal information to a nonaffiliated third party.
Does GLBA have a private right of action?
The principal privacy provisions of the GLBA not only require financial institutions to provide notice of their information-sharing policies to consumers, but restrict them from sharing information with unaffiliated parties unless the consumer has an “opt out” opportunity, i.e., is given a chance to request his ...
Which of the following statements accurately describes the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act requires financial institutions to ensure the security and confidentiality of customer data.
What type of information does the GLBA protect quizlet?
Ensure that financial institutions, including mortgage brokers and lenders, protect nonpublic personal information of consumers.
When was the Gramm-Leach-Bliley Act passed?
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, was passed in November 1999. The law repealed the Glass-Steagall Act of 1933, which limited securities activities within commercial banks and interactions between commercial banks and securities firms.
What is the penalty for violating the Gramm-Leach-Bliley Act?
Under GLBA, penalties for non-compliance can include fines of up to $100,000 per violation, with fines for officers and directors of up to $10,000 per violation. And if that wasn't enough, the provisions include criminal penalties of up to five years in prison, and the revocation of licenses.
What is considered nonpublic personal information under GLBA?
(A) The term “nonpublic personal information” means personally identifiable financial information (i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.
What is the difference between a consumer and a customer under the GLB Act?
A consumer is an individual who obtains or has obtained a financial product or service from a financial institution for personal, family or household reasons. A customer is a consumer with a continuing relationship with a financial institution.
What is the other name for Gramm-Leach-Bliley?
The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.
What is the difference between GLBA and SOX?
HIPAA protects a patient's healthcare information, SOX protects financial information of public companies, and GLBA protects the data of financial institution customers. However, they all share a unified goal: keeping sensitive data secure.
What is a safeguard rule?
The Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.
Can a bank disclose customer information to a third party?
Prohibition on sharing account numbers: The privacy rule prohibits a bank from disclosing an account number or access code for credit card, deposit, or transaction accounts to any nonaffiliated third party for use in marketing. The rule contains two narrow exceptions to this general prohibition.
What is nonpublic personal information?
Nonpublic personal information is any personally identifiable financial information that is not publicly available.
Who is subject to the Financial Privacy Rule?
Protecting Consumers' Financial Privacy
The FTC is one of the federal agencies that enforces provisions of Gramm-Leach-Bliley, and the law covers not only banks, but also securities firms, insurance companies, and companies providing many other types of financial products and services.
Non-Public Personal Information means personally identifiable information, including, without limitation, Social Security numbers, financial account numbers (i.e. credit card, checking account, savings account, etc.), medical, employment, or insurance numbers, and passport numbers.
Are annual privacy notices still required?
Creation of Annual Privacy Notice Exception
Under Regulation P, financial institutions are required to send a privacy notice to all customers every 12 months without exception.
Why Do Banks Share Your Financial Information and Are They Allowed To? In a word: yes. If you've ever applied for a loan, you know that banks and credit unions collect a lot of personal financial information from you, such as your income and credit history.
Who gets a privacy notice?
Consumers who are not customers are entitled to an initial privacy and opt-out notice before the financial institution shares nonpublic personal information with nonaffiliated third parties outside of the exceptions in sections 13, 14, and 15.
Are privacy notices mandatory?
In the US, there are no federal laws that require a business to have a Privacy Policy (except COPPA). But there are several laws, including federal and state laws, that have provisions on data privacy.
What are the main privacy requirements of the GLBA?
The Safeguard Rule requires that any institutions covered by the GLBA protect, via administrative, technical, and physical means, the confidentiality, integrity, and security of any nonpublic personal information that institution retains.
Does GLBA apply to business customers?
The GLBA only applies to individuals who obtain financial products or services primarily for personal, family, or household purposes, and does not apply to companies or individuals who obtain financial products or services for business, commercial, or agricultural purposes.
What types of controls are required to safeguard customer information?
- Access controls. ...
- Data inventory and classification. ...
- Encryption. ...
- Secure development practices. ...
- Authentication. ...
- Information disposal procedures.
One exception under section fifteen allows banks to share nonpublic personal information at the consent or direction of a consumer. Sharing of information is also allowed when it's done to protect the security of records, prevent fraud, or to resolve consumer disputes.
When must a financial institution give its privacy notice to a former or prospective customer?
A financial institution must provide an initial notice of its privacy policies and practices to each customer, not later than the time a customer relationship is established.
What are the two concerns about using public information sharing centers?
Two concerns about public information sharing centers are the privacy of shared information and the speed at which the information is shared. Two tools that facilitate AIS are STIX and TAXII.
Why are mortgage brokers regulated under the GLB Act?
The purpose of the privacy provisions of the GLB Act is to ensure that financial institutions, including mortgage brokers and lenders, protect nonpublic personal information of consumers by: advising consumers of the financial institution's policies with regard to the use and exchange of personal information.
What information must be disclosed on the privacy notice?
The Contents of the Privacy Notice
Your notice must accurately describe how you collect, disclose, and protect NPI about consumers and customers, including former customers. Your notice must include, where it applies to you, the following information: categories of information collected.
Is an account balance considered PII?
Personally Identifiable Information (PII) is any piece of information meant to identify a specific individual. This often includes data such as a Social Security number, driver's license number, financial accounts, email addresses, login credentials and passwords, addresses, phone numbers, and birth date.
What is considered personally identifiable financial information?
PIFI enables the unique searching, identification and validation of a person's financial information through a specialized database and/or system. PIFI may include information such as an individual's name, contact details, bank account number, credit card number, Social Security number, etc.
How many key rules does the GLBA have?
3 Key Rules to Understand GLBA
The act has three main sections, consisting of two rules and a set of provisions. The term “3 rules” seems to have been adopted to help people better understand the requirements of the legislation.
The Gramm-Leach-Bliley Act addressed these changes in the financial sector. It was intended to promote the benefits of financial integration for consumers and investors while safeguarding the soundness of the banking and financial systems.
When must customers receive a company's privacy notice?
You must provide a clear and conspicuous notice to customers that accurately reflects your privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of 12 consecutive months during which that relationship exists.
What are the main privacy requirements of the GLBA?
GLBA compliance requires that companies develop privacy practices and policies that detail how they collect, sell, share and otherwise reuse consumer information. Consumers also must be given the option to decide which information, if any, a company is permitted to disclose or retain for future use.
What are the objectives of Part 314 of the GLBA?
This part, which implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act, sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.
What is nonpublic personal information under GLBA?
The personal information covered by the GLBA is termed “nonpublic personal information,” which means “personally identifiable financial information provided by a consumer to a financial institution; resulting from any transaction with the consumer or any service performed for the consumer; or otherwise obtained by ...
Is a customer of a bank a consumer?
A customer is really a sub-category of consumers that have a continuing relationship with the financial institution. A consumer is NOT ALWAYS a customer, but a customer is ALWAYS a consumer. Examples: According to the FTC, if a financial institution originates a loan, then it has a relationship with that customer.
Which document is required to be provided to customers under the Gramm-Leach-Bliley Act?
The GLBA, among other things, requires that financial institutions provide their customers with initial and annual notices regarding their privacy practices, and allow their customers to opt out of sharing their information with certain nonaffiliated third parties.
Which industry is most impacted by the Gramm-Leach-Bliley Act?
We find that the law has a differential impact across the financial services industry. All three industries have gained due to this law, with commercial banks benefiting most, followed by the insurance industry.
What is required under the safeguard rule?
Rule Summary. The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.