GLBA or the Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLBA) is a comprehensive US federal law that applies to a wide range of financial institutions. Under the GLBA, these institutions must develop, implement, and maintain physical, technical, and administrative safeguards to protect the security, confidentiality, and integrity of the customer information they hold.
The GLBA applies to banks, savings and loans, credit unions, securities firms, and insurance companies. It also covers certain retailers and automobile dealers that collect and share personal information about consumers when they extend or arrange credit for them.
Personal information that most individuals consider private, such as account numbers or bank balances, is routinely bought and sold by banks, credit card companies, and other financial institutions. The GLBA, also known as the Financial Services Modernization Act of 1999, gives consumers limited privacy protections against the sale of this private financial information. It also codifies protections against obtaining such information under false pretenses (pretexting).
The GLBA was intended to modernize financial services by repealing the regulations that had prevented mergers between banks, insurance companies, and stock brokerages. Removing those barriers, however, created a significant new risk: the merged institutions could now access large amounts of consumer personal information with no restrictions on how it was used.
Before the GLBA, the insurance company that held a consumer's health records was entirely separate from the bank that provided the mortgage and the stockbroker that handled the investments. Once these companies merged, they could consolidate, analyze, and sell their customers' combined personal information.
Because of these risks, the GLBA established three basic requirements to protect individuals' personal data:
• Banks, insurance companies, and brokerage firms must store personal financial information securely
• These institutions must inform customers of their policies on sharing personal financial information
• They must also give individuals the opportunity to opt out of having their personal financial information shared with nonaffiliated third parties.
Compliance with the GLBA is mandatory. Even a financial institution that never discloses customer information must still have a written policy in place to protect that information against reasonably foreseeable threats to its security and integrity.
The major components of the GLBA govern the collection, disclosure, and protection of consumers' personal information. They are:
• Financial Privacy Rule: requires financial institutions to give each consumer a privacy notice when the customer relationship is established and annually thereafter. The notice must explain what information is collected about the consumer, with whom it is shared, how it is used, and how it is protected, and must describe the consumer's right to opt out of having that information shared with nonaffiliated third parties, consistent with the opt-out rights provided under the Fair Credit Reporting Act.
• Pretexting Protection: prohibits obtaining access to customer information without proper authority, for example by impersonating the account holder or through phishing. Institutions are expected to have controls in place to detect and prevent such attempts.
• Safeguards Rule: requires a written information security program that describes how the company currently protects customers' personal information and how it will continue to do so. The program must be based on a risk assessment and must cover the administrative, technical, and physical safeguards appropriate to the institution's size, the nature of its activities, and the sensitivity of the customer information it holds.