Guide to the Gramm-Leach-Bliley Act

This guide provides an overview of the main provisions of the Gramm–Leach–Bliley Act.

Contributors:
Katy Liu
Enterprise Risk Management Information Technology (IT) Risk Analyst
Federal Home Loan Bank of Pittsburgh
This resource provides a clear and accessible introduction to the core requirements and privacy obligations established under the Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999. It offers readers an overview of how the law governs the handling of consumers’ nonpublic personal information by financial institutions, emphasizing Title V’s focus on privacy, data protection, and responsible information‑sharing practices. The guide explains key provisions, including institutions’ duty to safeguard customer data, provide transparent privacy notices, and offer consumers the opportunity to opt out of certain disclosures to nonaffiliated third parties.
Overview
What is it?
The GLBA is a federal law that became effective in the United States in 1999. The GLBA is also known as the Financial Services Modernization Act of 1999.
Privacy pros zero in on Title V, Subtitle A of the GLBA (15 U.S.C. § 6801 et seq.). Title V boldly introduces the topic of “Privacy” and the “Disclosure of Nonpublic Personal Information.”
Within Title V, Subtitle A, Section 501 describes the “Protection of Nonpublic Personal Information,” stating that “each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information” (15 U.S.C. § 6801). Also, financial regulatory agencies have to “establish appropriate administrative, technical, and physical safeguard standards” that will:
- Ensure the security and confidentiality of customer records and information.
- Protect against any anticipated threats or hazards to the security or integrity of such records.
- Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer (15 U.S.C. § 6801, 15 U.S.C. § 6804).