The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to provide control on the ways financial institutions deal with the private information of individuals.
The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices The Act is mainly composed of three sections: The Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information; and the Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses) as mentioned in the article Gramm-Leach-Biley Act.
The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions “such as credit reporting agencies” that receive customer information from other financial institutions.
The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as “pretexting. ,” as mentioned in the article Privacy Initiatives. This Act has been long awaited by the general public specially the consumers who are making financial transactions through different financial institution and was passed by the Congress in November 1999 which is also known as the Financial Services Modernization Act.
This serves as a regulatory modernization bill for the financial services industry. In the administration and enforcement of the Financial Privacy Rule and Safeguards, the GLB Act gives authority to eight federal agencies and the states. These two regulations apply to financial institutions, not just banks, securities firms, and insurance companies, but also companies that provide many other types of financial products and services to consumers.
These services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. Such non-traditional financial institutions are regulated by the Federal Trade Commission (FTC).
The GLB Act added new regulations in four main areas: disclosure of privacy policies; “opt-out” of information disclosures to non-affiliated third parties; non-disclosure of account information; and standards to protect security and confidentiality of consumers’ non-public information. First, the GLB Act requires institutions to annually disclose their privacy policies to consumers. This disclosure must be prominent and must be made to all customers either when the customer begins his or her relationship with the institution or on an annual basis to existing customers.
The disclosure must also contain the institution’s policy regarding the categories of non-public personal information it collects, its disclosure policy of non-public personal information to third parties and affiliates, and the categories of entities that receive the information. Second, the GLB Act gives consumers the right to “opt-out” of allowing the institution to send non-public personal information to nonaffiliated third parties. Even if the consumer does not opt-out, third parties may not re-disclose this information.
There are exceptions, however, to this opt-out rule, and for good reason. This provision does not apply to the sharing of information with third parties to process statements or service customer accounts. Opt-out is also unnecessary when information is transferred to complete transactions authorized by the customer, when disclosing customer information to a credit bureau, complying with a regulatory investigation by state or federal authorities, or to protect against fraud.
Opt-outs are also not required for institutions that want to share information with affiliates companies that are closely related through ownership by a parent company. This rule applies to all companies, not just financial institutions. Third, the GLB Act flatly prohibits institutions from sharing account numbers or other similar identification numbers or codes with non-affiliated parties for the purposes of telemarketing, direct mail marketing, and marketing through e-mail solicitations.
Finally, the GLB Act requires financial institution regulators to establish standards to ensure the confidentiality and security of consumer records, protect against threats to the security of those records, and protect against unauthorized access to those records that could result in substantial harm or inconvenience to the consumer. The GLB Act’s sweeping definition of “financial institution” means any regulated financial company or business that engages in financial activities.
It includes banks, bank holding companies, securities firms, insurance companies, insurance agencies, thrifts, credit unions, mortgage brokers, finance companies, and check cashers. In addition, because of the way GLB defines “financial activities,” these protections will extend to travel agencies and may even apply to real estate brokers. The GLB Act gave rulemaking and enforcement authority to the National Credit Union Administration, federal banking agencies, the Securities and Exchange Commission (SEC), the Treasury Department, and the Federal Trade Commission (FTC) according to the article The Gramm-Leach-Bliley Act.
Gramm-Leach-Bliley calls for control on the customer’s personal information and customer data. It also protects the individual from disclosure of personal information especially if the information being stored is quiet sensitive. This implies that the data security goes well beyond the storage device alone and covers a company’s policies and procedures and the hardware that maintains the storage infrastructure, (Lowe 2005) as mentioned in the article Are you in compliance with Gramm-Leach-Bliley storage requirements?
Through this policy the one can limit who can access data and on what grounds the data can be accessed. In accessing to sensitive customer’s information, this Act will also help provide accountability and control to company’s insiders that threaten customer privacy. With Gramm-Leach-Bailey Act in place, there will be safety measures to protect the customers from any unlawful act of information transfer most specially if the information includes sensitive matters such one’s tax identification number, bank account information and other related information.
Gramm-Leach-Bliley Act, Retrieved on 15 November 2007. from <http://searchcio. techtarget. com/sDefinition/0,,sid19_gci951347,00. html> Lowe, Scott. (July 26, 2005) Are you in compliance with Gramm-Leach-Bliley storage requirements? <http://articles. techrepublic. com. com/5100-9592_11-5804601. html> Privacy Initiatives. Gramm-Leach-Bliley Act. Retrieved on 15 November 2007. from <http://www. ftc. gov/privacy/privacyinitiatives/glbact. html> The Gramm-Leach-Bliley Act, Retrieved on 15 November 2007. from <http://www. privacilla. org/business/financial/glb. html>Sample Essay of Essayontime.com