ELI5: What is GLBA?
GLBA is a law that says banks and financial companies must keep your money information private and safe. They have to tell you how they use your data and protect it from bad guys.
Definition
The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, is a US federal law that requires financial institutions — including banks, insurance companies, mortgage lenders, and financial advisors — to protect the confidentiality and security of nonpublic personal information (NPI) they collect from customers. GLBA’s Safeguards Rule mandates that covered institutions develop and implement an information security program, and the Privacy Rule requires disclosure of privacy practices to customers.
Key Details
- Covered entities: banks, credit unions, investment advisors, insurance companies, and other financial services firms
- Safeguards Rule: requires a written information security program with administrative, technical, and physical safeguards; updated in 2023 with more specific requirements (encryption, MFA, incident response)
- Privacy Rule: financial institutions must provide customers with privacy notices explaining what information is collected and shared
- FTC enforces GLBA for non-bank financial institutions; banking regulators (OCC, FDIC) enforce it for banks
- Exam tip: GLBA → financial institutions protecting customer nonpublic personal information; contrast with HIPAA (health) and FERPA (education)
Connections
- Parent: regulations-and-frameworks — GLBA is the primary US privacy regulation for financial services
- See also: sox-sarbanes-oxley
- See also: pii-personally-identifiable-information