Gramm-Leach-Bliley Act

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. Gramm-Leach-Bliley Act requires financial institutions to implement the appropriate technical, physical and administrative safeguards to preserve the privacy of customer information, protect against potential threats, and prevent unauthorized access to customers’ private data. Institutions are restricted from disclosing personal information without notifying customers properly and must allow customers to “opt out” of sharing non-public personal information with third parties not affiliated with the institution.


These regulations apply to "financial institutions," which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. Such non-traditional “financial institutions” are regulated by the FTC.


The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information. For a summary overview of the Financial Privacy Rule, see In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act.


The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions – such as credit reporting agencies – that receive customer information from other financial institutions.



The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as “pretexting.”