Financial Privacy: The Gramm-Leach
Bliley Act
The Financial Modernization
Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB
Act, includes provisions to
protect consumers’ personal financial information held by
financial institutions. There are three principal parts to the
privacy requirements: the Financial Privacy
Rule, Safeguards Rule and pretexting provisions.
The GLB Act gives authority to eight federal agencies and the
states to administer and enforce the
Financial Privacy Rule
and the Safeguards Rule.
These two regulations apply to “financial institutions,” which
include not only banks, securities firms, and insurance
companies, but also companies providing many other types of
financial products and services to consumers. Among these
services are lending, brokering or servicing any type of
consumer loan, transferring or safeguarding money, preparing
individual tax
returns, providing financial advice or credit counseling,
providing residential real estate settlement services,
collecting consumer debts and an array of
other activities. Such non-traditional “financial
institutions” are regulated by the FTC. For more information on
the types of financial activities covered,
click here.
The Financial Privacy Rule governs the collection and disclosure
of customers’ personal financial information by financial
institutions. It also applies to companies, whether or not they
are financial institutions, who receive such information. For a
summary overview of the Financial Privacy Rule, see
In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley
Act.
The Safeguards Rule requires all financial institutions to
design, implement and maintain safeguards to protect customer
information. The Safeguards Rule applies not only to financial
institutions that collect information from their own customers,
but also to financial institutions – such as credit reporting
agencies – that receive customer information from other
financial institutions.
The Pretexting provisions of the GLB Act protect consumers from
individuals and companies that obtain their personal financial
information under false pretenses, a practice known as “pretexting.”
|