What are the requirements of the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Which are three key rules of the GLBA?
The Act consists of three sections: The Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information; and the Pretexting provisions, which prohibit …
What are the two main rules of the GLBA?
The GLBA requires companies that qualify as “financial institutions” to take several affirmative steps in order to prevent the unauthorized collection, use, and disclosure of NPI. It imposes these obligations under two “Rules”: (i) the Privacy Rule, and (ii) the Safeguards Rule.
How many key rules does the GLBA have?
The two key rules within the GLBA are The Financial Privacy Rule (16 CFR Part 313) and The Safeguards Rule (16 CFR Part 314). Both rules dictate how covered institutions manage customer data; the Financial Privacy Rule governs data collection and disclosure while the Safeguards Rule controls data security.
Does GLBA require encryption?
Encryption is not an explicit GLBA requirement, but Section 501(b) of the GLBA states that financial institutions must take the necessary measures to ensure the security and confidentiality of non-public customer information.
Who is restricted by the GLBA?
The GLBA privacy rules restrict the sharing of ‘nonpublic personal information’ (NPI) about a natural person who is a ‘consumer’ or a ‘customer’. (1) Sharing: The core focus of the privacy requirements of the GLBA is limiting the sharing of NPI.
What is considered GLBA data?
GLBA defines covered customer information as any record containing nonpublic personal information or personally identifiable financial information about a customer of PCC – whether in paper, electronic, or other form – that is handled or maintained by or on behalf of PCC or its affiliates.
Is GLBA a privacy law?
The GLBA’s privacy protections generally apply to consumers, i.e., individuals who obtain financial products or services from a financial institution primarily for personal, family, or household purposes, while some requirements apply to customers, i.e., consumers with whom the organization has an ongoing relationship.
Does GLBA apply to non-financial institutions?
As the U.S. Federal Trade Commission (FTC) explains, the GLBA applies to, “all businesses, regardless of size, that are ‘significantly engaged’ in providing financial products or services.”
Does GLBA preempt state law?
While the GLBA has a preemption provision, and preemption ordinarily leads to the conclusion that federal law displaces state laws, GLBA privacy provisions do not preempt state laws that are consistent with it; the preemption, if applicable, extends only to the inconsistency.
Who does Gramm-Leach-Bliley apply to?
The Gramm-Leach-Bliley Act applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services to consumers.