Jump to: Current Customers | Main Menu | Content | Footer


What is Gramm-Leach-Bliley?

Information about the Gramm-Leach-Bliley Act of 1999


What is Gramm-Leach-Bliley?

The Gramm-Leach-Bliley Act (commonly called GLB or GLBA) is also known as the Financial Modernization Act of 1999. The GLB Act includes provisions to protect all consumers’ personal financial information held by financial institutions. Wikipedia's information on the Gramm-Leach-Bliley Act of 1999.

How are email records involved?

Today, the vast majority of organizations use email to communicate internally and as a vehicle for the exchange of documents and correspondence between businesses and consumers. Since personal financial information can be transmitted by and retained in electronic formats, it is critical to ensure that the management of such records complies with GLB.

What organizations are impacted?

The GLB Act applies to “financial institutions” – businesses that offer financial products or services to individuals to be used primarily for their personal, family, or household purposes. Financial institutions include, for example, banks, securities firms and insurance companies; such entities are covered by the SEC (Securities and Exchange Commission). Businesses that provide many other types of financial products and services to consumers fall under jurisdiction of the FTC (Federal Trade Commission) for the purposes of enforcing GLB. These non-traditional “financial institutions” include, but are not limited to, state-registered investment advisors, professional tax preparers, auto dealers engaged in financing or leasing, electronic funds transfer networks, mortgage brokers, credit counselors, real estate settlement companies, retailers that issue credit cards to consumers, consumer debt-collecting firms, payday lenders and check-cashing businesses.

What are the penalties for non compliance with Gramm-Leach-Bliley?

Violation of GLBA may result in a civil action brought by the U.S. Attorney General. The penalties include those for the financial institution of up to $100,000 for each violation. In addition, “the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation”. Criminal penalties may include up to 5 years in prison.

What are the requirements of Gramm-Leach-Bliley?

The provisions include:

  • Financial Privacy Rule This rule requires that financial institutions provide consumers with privacy notices describing how they use and disclose consumers’ personal information. The notices must be provided to customers at the time the consumer relationship is established and annually thereafter. The notice must also let consumers know about their right to “opt-out” of having their information shared with unaffiliated parties. The unaffiliated parties receiving the nonpublic information are held to the same acceptance terms of the consumer as under the original relationship agreement.
  • Safeguards Rule This rule requires financial institutions to have reasonable policies and procedures to ensure the security and confidentiality of customer information (for both current and former customers). The plan must include denoting at least one employee to manage the safeguards, doing a risk analysis on current processes, developing and monitoring a program to secure the information, and making adjustments to the security plan as needed.
  • Pretexting Protection Pretexting occurs when someone tries to gain access to personal information without the proper authority to do so. The financial institution must take all precautions necessary to protect and defend the consumer and associated nonpublic information.

InboxSolutions Blog LogoRead the InboxSolutions Blog
Who we are, what we're thinking, how we're working hard to bring you the best possible email service.
InboxSolutions Community LogoInboxSolutions Community
Read up on our technology, our services, and ask questions.