GLBA
Gramm-Leach-Bliley Act
Federal law requiring financial institutions to protect consumer financial information.
What is GLBA?
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, requires financial institutions to explain their information-sharing practices and to safeguard sensitive customer data. GLBA applies to companies that offer financial products or services, including banks, securities firms, insurance companies, and other financial service providers.
The GLBA Safeguards Rule, updated in 2023, requires financial institutions to develop, implement, and maintain a comprehensive information security program with specific requirements for risk assessment, access controls, encryption, and incident response.
Who Needs GLBA?
- Banks and financial institutions
- Insurance companies
- Securities firms and broker-dealers
- Financial advisors
- Non-bank financial companies (mortgage lenders, payday lenders)
Key Requirements
Core compliance areas for GLBA
Privacy Notice
Provide clear notice of information collection and sharing practices.
Opt-Out Rights
Allow customers to opt out of information sharing with non-affiliated third parties.
Safeguards Rule
Implement a comprehensive information security program that protects customer information.
Risk Assessment
Conduct periodic risk assessments of customer information handling.
Vendor Management
Oversee service providers handling customer information.
Benefits of GLBA Compliance
- Maintain FTC and regulatory compliance
- Avoid significant enforcement actions
- Build customer trust
- Reduce the risk of data breaches
- Establish a foundation for a comprehensive security program
- Improve vendor risk management