Three integral pieces of the 1999 Gramm-Leach-Bliley Act (GLBA) focus on the information security of consumers’ personal financial information. The Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions together determine how financial institutions can collect this information and how they must ensure the security and confidentiality of it.
To fulfill their GLBA compliance, all financial institutions must:
- Provide notice to customers about its privacy requirements regarding their personal financial information (Financial Privacy)
- Establish, implement and maintain an Information Security Program that secures and protects consumers’ personal financial information from anticipated threats and/or unauthorized access (Safeguards)
- Ensure that consumers’ personal financial information is not being collected under false pretenses (Pretexting)
These rules extend to more than just banks, credit unions and thrifts. Per GLBA, the term financial institution covers many parallel sectors such as tax preparers, credit counselors, debt collectors, automobile dealers and much more. In general, if a business collects and shares personal information about consumers to whom they extend or arrange credit, they have an obligation to GLBA.
Learn how to be GLBA compliant with assessments, software and training.