Gramm-Leach-Bliley Act of 1999 (GLB)
GLB was signed into law November 12th, 1999 with a goal to modernize the nation’ financial services industries, updating the ways financial companies are allowed to do business, and take advantage of advanced technologies. As a result of GLB, the need to protect the integrity and privacy of customer data were highlighted.
Title V of GLB focuses specifically on privacy and the protections of customer data. It requires specific privacy and security measures be in place at financial institutions by July 1, 2001. The act applies to all national banks and the federal branches of foreign banks that are subject to the supervision of the Federal Reserve System, the Office of Thrift Supervision, the Office of the Comptroller of the Currency, or the Federal Deposit Insurance Corporation.
Section 501 of Subtitle A of Title V, entitled Protection of Nonpublic Personal Information, limits the instances in which financial institutions may disclose nonpublic personal information about a customer to nonaffiliated third parties, requires them to disclose certain privacy policies and practices as well as establish safeguards to protect that information.
Subtitle A, Section 501a states: Each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.
Subtitle B, Section 501b states: Each agency shall establish appropriate standards for the financial institutions within their jurisdiction relating to administration, technical, and physical safeguards:
The Interagency Security Guidelines require each financial institution “Implement a comprehensive written information security program that includes administrative, technical, and physical safeguards.” The following are the basic elements every institution must apply in developing a comprehensive information security program.
These guidelines emphasize that the security of customer information is not a discrete event, but an ongoing and dynamic process that must be maintained and adjusted.
Using Pivot Group to Assist with GLB Compliance
For more information about GLB, please refer to our Resource Guide.