Everything You Should Know About the Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) is known for its rules on customer privacy. However, the initial purpose of this federal law was to allow the merger of different financial institutions, including securities companies, insurance providers and banks.

Until the GLBA repealed it, the Glass-Steagall Act of 1933 prohibited the merger of financial institutions. Consequently, there were concerns about the new customer data that the merged financial institutions would have access to. For that reason, the GLBA also introduced a new set of stipulations to ensure these institutions protected customers’ information privacy.

The Federal Trade Commission (FTC) enforced GLBA compliance in three ways.

  • The Financial Privacy Rule, which regulates how financial institutions collect and disclose private financial information.
  • The Safeguards Rule, which requires financial institutions to implement measures that secure customer information.
  • The Pretexting Provisions, which require companies to protect personal information against access under false pretenses via phishing, social engineering and so on.

What Organizations Does the Gramm-Leach-Bliley Act Apply To?

GLBA compliance is mandatory for all companies that provide financial services or products, such as insurance, loans or financial/investment advice. Contrary to common belief, the GLBA doesn’t apply only to banks and insurance providers, nor does it apply only to companies of a specific size.

The GLBA, therefore, also applies to mortgage brokers, money transfer services, debt collectors, investment advisors, automobile dealerships and retailers that issue store credit cards. Likewise, higher learning institutions are also required to be GLBA compliant because the banking law applies to student loans and related financial activities.

What Information Does the GLBA Protect?

The GLBA safeguards nonpublic personal information that organizations obtain through any means, including from services performed, transactions or directly from consumers. It also covers descriptions, lists or consumer groups that the organizations derive from nonpublic personal information. GLBA compliance is not required for publicly available information.

Nonpublic personal information refers to personally identifiable financial information (PIFI) that facilitates the search, validation and identification of an individual’s financial information through the use of a specialized system or database. Examples of PIFI include your name, social security number, contact details, bank account number and credit card number.

The GLBA Differentiates Customers and Consumers

The Financial Privacy Rule of the GLBA sets a distinction between customers and consumers. An organization must notify all its customers about its privacy practices. It must do the same for its consumers if it shares their information in specified ways.

The rule defines a consumer as an individual who obtains a company’s financial service or product primarily for personal use. Note that the Financial Privacy Rule doesn’t apply to commercial clients — only individuals. Consumers include rejected loan applicants and individuals who use ATMs of banks at which they have no account.

Per the Financial Privacy Rule, customers are the subset of consumers with which the financial institution has an ongoing relationship. They include individuals with insurance policies, signed leases or bank accounts. This also applies to past customers, such as individuals who previously used an institution’s financial services but have since ended the relationship.

Protect Your Financial Records

As you continue to use the products or services, you’ll often find that you have a surplus of documents, many of which you no longer need. You need to protect your financial records by securely storing these documents and safely disposing of those you no longer need.

Atlantic Shredding offers document scanning, paper shredding, hardware destruction and off-site record storage services in the Washington, DC, Northern Virginia and Maryland Capital Region. Visit the Atlantic Shredding & Destruction Services to learn more.
