GLBA

The Gramm-Leach-Bliley Act (GLBA) is a United States federal law enacted in 1999 as part of the Financial Services Modernization Act. It modernized the regulation of financial institutions by allowing affiliations among banks, securities firms, and insurance companies, while also addressing how consumer financial information is collected, used, and protected. The act is named after its sponsors: Senators Phil Gramm, Jim Leach, and Jim Bliley.

GLBA governs the handling of nonpublic personal information (NPI) by financial institutions. Its provisions are commonly organized into three main rules. The Financial Privacy Rule governs how institutions may share NPI with nonaffiliated third parties and requires disclosures to customers about information-sharing practices, including options to opt out of certain sharing. The Safeguards Rule requires financial institutions to implement a comprehensive, written information security program designed to protect NPI. This program must address risk assessments, access controls, employee training, incident response, and vendor management. The Pretexting Provisions prohibit attempts to obtain NPI through misleading or fraudulent means (pretexting) and set penalties for such practices.

Enforcement of GLBA provisions falls to the Federal Trade Commission for many nonbank financial institutions, with primary responsibility for banks and certain other entities resting with the appropriate federal banking and related regulators. Civil penalties and corrective actions can follow noncompliance.

GLBA interacts with state privacy laws and other federal regulations, but remains a foundational framework for protecting consumer financial information across financial services. It continues to influence how institutions communicate privacy practices, manage security risks, and govern data sharing with affiliates and third parties.