The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is US federal sector-specific legislation that aims to strengthen the privacy of US residents by requiring financial institutions to safeguard the personal information of their customers and to keep customers informed about with whom that information is being shared.
Two rules issued under the GLBA impose the core obligations on financial institutions (and other covered entities) to protect the privacy of their customers and consumers: the Financial Privacy Rule and the Safeguards Rule.
In summary, the GLBA and its implementing rules impose the following responsibilities on financial institutions and other covered entities:
"Customers" are a subclass of consumers who have a continuing relationship with a financial institution. It's the nature of the relationship - not how long it lasts - that defines whether a person is a customer or a consumer.
A "consumer" is someone who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes, or that person's legal representative. The term "consumer" does not apply to commercial clients, like sole proprietorships.
Nonpublic personal information (NPI) is personally identifiable financial information that a financial institution obtains about a consumer in connection with providing a financial product or service. It includes (but is not limited to):
NPI does not include information that a financial institution or covered entity has a reasonable basis to believe is lawfully made "publicly available." A covered entity must determine whether:
Noncompliance with the GLBA carries penalties that include fines and, for responsible individuals, imprisonment. If a financial institution violates the GLBA:
Privacy notices under the GLBA Financial Privacy Rule have specific content requirements and prescribed methods by which they must be delivered to customers or consumers.
The GLBA Financial Privacy Rule provides that consumers and customers who have the right to opt out may exercise it at any time. Once a financial institution receives an opt-out direction from a consumer or customer, it must comply with it as soon as reasonably practicable.
The Financial Privacy Rule's exceptions to honoring opt-out requests apply when the information sharing is necessary to process or administer a financial transaction requested or authorized by the consumer; to prevent fraud, respond to judicial process or a subpoena, or comply with federal, state, or local law; or for certain "joint marketing" arrangements with other financial institutions.
Under the GLBA Safeguards Rule, financial institutions and covered entities must know where sensitive customer information is stored, store it securely, and limit access to employees who have a legitimate business need to see it.
Secure disposal is covered by the FTC's Disposal Rule, a separate rule issued under the Fair and Accurate Credit Transactions Act (FACTA) rather than the GLBA itself: financial institutions and other covered entities must dispose of consumer information securely once it is no longer needed.