Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley (GLB) Act of 1999, also known as the Financial Modernization Act, serves to protect the privacy and security of customers of financial institutions, such as banks, securities firms, and insurance companies. The Act is not, however, limited to these, but applies to any “financial institution”, that is, any institution that provides financial services to its customers.
The Act consists of three parts. The first part, the Financial Privacy Rule, requires the financial establishment to provide customers with a privacy notice detailing the privacy practices it undertakes, and to allow the customers time to opt out, that is, to refuse to allow their information to be shared, except when:
- the information is being shared with a company that provides an essential service,
- it is legally required that the information be shared,
- or the data is classified as public.
The second part, the Safeguards Rule, requires that the establishment develop, implement, and maintain written policies and procedures to keep client information secure and protected. Although the Rule does provide guidelines and standards for safeguarding data, it is quite broad, leaving room for each individual institution to identify its own security needs and implement controls accordingly.
The third part of the GLB Act, the Pretexting Provisions, prohibits pretexting, that is, using fraudulent or forged documents, impersonation, or any other false pretense to obtain or attempt to obtain a client’s financial information.
If an institution is found by the Federal Trade Commission (FTC) to be in violation of the GLB Act, strict penalties may be levied against it. Although the punishment varies from case to case, it can include a civil penalty of up to $100,000 per violation to be paid by the financial establishment, and/or civil fines of up to $10,000 per violation for which the officers or directors of the institution are personally liable.
For more information about this topic, please contact us at info@globalseci.com
