What is the ‘GLBA’?
IMPORTANT NOTE: On October 27, 2021 the FTC announced important updates to GLBA’s security rule. This article has not been updated to account for those changes.
The Gramm-Leach-Bliley Act of 1999 (GLBA) is a US federal law that includes rules that protect the privacy and security of personally identifiable financial information relating to individuals. It repealed the Glass-Steagall Act (which was part of the U.S. Banking Act of 1933) which limited commercial bank’s ability to engage in investment banking and insurance underwriting and from affiliating or merging with investment banks, insurance companies, and security firms. The GLBA was updated in 2015 and significant changes were introduced.
In essence, GLBA requires financial institutions to follow certain privacy and security standards:
- Privacy standards: The GLBA requires financial institutions to notify consumers of their information sharing practices and provides for a right to opt-out of certain sharing. See, 15 U.S.C. Sec. 6801(a)
- Security standards: The GLBA requires financial institutions to have in place a security program to (i) ensure the security and confidentiality of costumer records and information; (ii) protect customer records against any anticipated threats of hazards to their security or integrity; and (iii) protect against unauthorized access to or use of…
