The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law passed in 1999 that governs how financial institutions have to protect consumer financial data.
RecordPoint empowers financial services companies to comply with the data privacy provisions of GLBA and other important laws.
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, was passed on November 12, 1999. It implemented several new rules related to the protection of consumer financial information for financial services companies like banks, credit unions, and insurance companies.
The GLBA is named for Senator Phil Gramm (R, Texas), Congressman Jim Leach (R, Iowa), and Congressman Thomas J. Bliley, Jr. (R, Virginia) – the three legislators most directly associated with the bill. GLBA did several things beyond implementing new rules related to protecting consumer financial information.
GLBA repealed large portions of the Glass-Steagall Banking Act of 1933 and the Bank Holding Company Act of 1956, allowing banks, brokerages, and insurance companies to merge. Part of getting the act passed meant adding the three new rules around protecting consumer financial information.
Beyond enabling organizations that previously had to remain separate to merge, the purpose of the GLBA is to ensure that banks and other financial institutions protect consumer information with effective security programs. Regulatory updates have shifted standards for the GLBA in recent years. The Privacy Rule previously required notification of data breaches for incidents involving 1,000 customers; the threshold has since been lowered to incidents involving 500 customers.
There are specific steps that financial services companies need to take to comply with GLBA, which include:
RecordPoint can help U.S. companies facilitate their GLBA compliance with several key features, including:
Proactively dispose of data you don’t need with custom retention policies that make minimization effortless.
Use AI to classify data instantly, so you know exactly where sensitive data lives and how to protect it.
Automate compliance tasks with AI and machine learning models trained on your data.
Discover where all your data lives to get a comprehensive picture of your data estate, so you can better understand and protect it.
The penalties for non-compliance can be significant; companies can be fined $100,000 for each violation, and individuals charged and imprisoned for up to five years. That’s why leaders and key decision-makers must prioritize GLBA compliance.
The Federal Trade Commission is the primary agency that enforces compliance with the GLBA. Other facets of GLBA compliance are managed through the Consumer Financial Protection Bureau (CFPB), the Office of the Comptroller of the Currency (OCC), the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC).
The Gramm-Leach-Bliley Act (GLBA) protects non-public personal information (NPI) and customer financial information. This includes names, addresses, account numbers, and Social Security numbers. GLBA's protections cover personally identifiable information as well as financial data on consumers that the financial institution has an ongoing relationship with. This means account holders at the bank or policy holders at an insurance company.
Any business that collects or processes nonpublic financial information as part of the normal course of business has to comply with the GLBA. It's particularly important for banks, credit unions, insurance companies, and other financial services firms to comply with these rules.