What Is GLBA?
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, applies to any financial institution that gathers and uses consumers’ nonpublic privacy information (NPI). Under this U.S. federal law, financial institutions are required to disclose how they share and protect this type of private information. It is enforced by the FTC and federal banking regulators with the aim of preventing unauthorized use, distribution, or illegal access to customers’ nonpublic data.
To be compliant with the GLBA, financial organizations must meet the data security standards within the Safeguards Rule. Along with the FTC Privacy Rule, this framework requires institutions to have a written security plan and information security measures in place to protect the privacy of customers and consumers. In accordance with their individual security plan, organizations must inform their customers about how they share the customers’ sensitive data with third parties and about their right to opt out, and must implement the protections outlined for customers’ private data.