Gramm Leach Bliley Act

By Neesa Peak

The Gramm-Leach-Bliley Act (GLBA) is a federal law that regulates how personal financial data can be shared in the United States. It was originally created in 1999, but has been updated since then. It affects all organizations that have access to consumer financial data and specifies how that data can be shared with third parties and how and how much the organization has to notify the person whose data they are sharing. Our finances affect all aspects of our life so it is important for us to understand who has access to them and what they can do with that information.

GLBA specifically regulates all consumer information that is not already public. This includes full names, addresses, social security numbers, credit scores and more; information that is necessary to complete a financial transaction that is sensitive. GLBA differentiates between a consumer, who has only used the services of a financial institution on a couple of occasions, and a customer, who regularly uses the institution's services.

Under most circumstances both consumers and customers are entitled to both a notification and a chance to opt-out if the financial organization decides to share their personal information with a third party. However, if a customer requests a service that necessitates the institution to share the information with a third party or for some sort of legal requirement (the customer’s lawyer for instance or to protect against fraud) the institution does not have to send the customer the prerequisite notices.

The financial institution does have to make sure that both consumers and customers will most likely receive any notices they are sent. This includes making sure that the privacy policy of the institution is made available to consumers before when they first use the services of the institution and a reasonable opportunity and way to opt out if the institution is going to share a consumer’s data. The rules for sharing customer data are more stringent, including a requirement that the company’s privacy policy is made available to customers multiple times while they are using the institution's services.

It is worth noting that GLBA only covers how and in what way financial institutions can share personal financial information with third parties. It does not regulate things like data mining when someone signs into a financial account as the holder of the account and accesses their data that way. It also specifically states that it does not in any way supersede state laws.

We have to entrust our financial data to various organizations throughout our lives. Given the importance of our finances on how we live in this society, it is worth knowing about the laws and regulations that affect how our financial information can be shared. The Gramm-Leach-Bliley Act is one law out of many, but it still impacts millions of people.

Sources:

“Gramm-Leach-Bliley Act (Privacy of Consumer of Financial Information).” Title V, Subtitle A, VIII—Privacy GLBA, 2011. Accessed May 15, 2025. https://www.fdic.gov/regulations/compliance/manual/8/viii-1.1.pdf