Gramm-Leach-Bliley Act | Federal Trade Commission
Scope of Privacy Rule and guide; relation of GLB Act to other laws. Fair Credit . together to define what constitutes nonpublic personal information. Personally. The Gramm-Leach-Bliley Act requires financial institutions to explain their and customers (a subset of consumers with a continuing relationship with the financial the definition of nonpublic personal information from section of the GLBA. Financial institutions covered by the Gramm-Leach-Bliley Act must tell their customers about their information-sharing practices and explain to.
A business, however, may be liable for compliance with the GLB depending upon the type of business and the activities utilizing an individual's personal nonpublic information.
A "consumer" is an individual who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes, or that individual's legal representative.
Examples of consumer relationships: obtaining cash from a foreign ATM, even if it occurs on a regular basis; cashing a check with a check-cashing company; arranging for a wire transfer.
Definition: A "customer" is a consumer who has a "customer relationship" with a financial institution.
A "customer relationship" is a continuing relationship with a consumer.
Examples of establishing a customer relationship: opening a credit card account with a financial institution; entering into an automobile lease on a non-operating basis for an initial lease term of at least 90 days with an automobile dealer; providing personally identifiable financial information to a broker in order to obtain a mortgage loan; obtaining a loan from a mortgage lender; agreeing to obtain tax preparation or credit counseling services.
"Special Rule" for Loans: The customer relationship travels with ownership of the servicing rights.
This privacy notice must be given to the client prior to entering into an agreement to do business. There are exceptions to this when the client accepts a delayed receipt of the notice in order to complete a transaction on a timely basis.
This has been somewhat mitigated due to online acknowledgement agreements requiring the client to read or scroll through the notice and check a box to accept terms. The privacy notice must also explain to the customer the opportunity to 'opt out'.
Opting out means that the client can say "no" to allowing their information to be shared with nonaffiliated third parties. The Fair Credit Reporting Act is responsible for the 'opt-out' opportunity, but the privacy notice must inform the customer of this right under the GLB.
The client cannot opt out of: information shared with those providing priority service to the financial institution; marketing of products or services for the financial institution; when the information is deemed legally required.
As applies to consumers, the GDPR includes provisions on the scope of data collection, but also includes a right of access and a right to erasure. Due to the multinational nature of some transactions, including data and internet transactions, and the possible implementation of corresponding regulations in some US states, it is likely that businesses and other entities will comply with the GDPR as well as US GLBA requirements.
Safeguards Rule
Subtitle A: Disclosure of Nonpublic Personal Information, codified at 15 U.
The Safeguards Rule applies to information of any consumers past or present of the financial institution's products or services. This plan must include:
Notice Requirements
The law requires notification by banks and other financial institutions of their information-sharing practices as well as disclosure to consumers of their right to opt out of information sharing with certain third parties.
This written notice must be clear and conspicuous. All customers must get an initial notice before the customer relationship is established, or within a reasonable time after if the customer agrees and providing the notice would substantially delay the transaction.
The law provides for certain non-customer consumers to get a short-form privacy notice instead with an opt-out of sharing, an explanation that the full notice is available, and how to get it.
Gramm-Leach-Bliley requires businesses to have customers engaged in electronic transactions acknowledge receipt of the notice before obtaining a product or service. There is also an annual requirement to deliver it at least once in any period of 12 consecutive months for the duration of a customer relationship.
The FTC published a two-page disclosure form as a model privacy form to be voluntarily used by financial institutions.
There are exceptions to the notice and opt-out requirements. There is also certain information such as account numbers that may not be shared for marketing purposes regardless of whether an individual opts out of information sharing.
As with any privacy law, it is complex. Businesses covered by the law may also be covered by other laws protecting privacy, such as the Fair Credit Reporting Act.
Safeguards Rule
This portion of the GLBA requires financial institutions to develop a written information security plan to protect customer information.
The new laws under consideration by Congress establish sensitive financial information as one of the categories of confidential personal information that should be protected online.
If one of them passes and becomes law, it will apply privacy protections beyond the GLBA's limitation to financial institutions, to all or most website and app operators.