What is the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Financial Modernization Act of 1999 (GLB) requires companies to give consumers privacy notices that explain the financial institutions’ information-sharing practices. In turn, you have the right to limit some – but not all – sharing of your information. Financial institutions such as banks, credit unions, mortgage companies, finance companies, insurance companies and investment firms must provide their privacy policy to you, if you do business with them.

A company’s obligations under the Gramm-Leach-Bliley Act depend on whether the company has consumers or customers who obtain its services. A consumer has no business relationship with the financial institution.  A customer is a consumer with a continuing relationship with a financial institution.  Why is the difference between consumers and customers so important? Because only customers are entitled to receive a financial institution’s privacy notice automatically. Consumers are entitled to receive a privacy notice from a financial institution only if the company shares the consumers’ information with companies not affiliated with it.

The privacy notice must be a clear, conspicuous, and accurate statement of the company’s privacy practices; it should include what information the company collects about its consumers and customers, with whom it shares the information, and how it protects or safeguards the information. The notice applies to the “nonpublic personal information” the company gathers and discloses about its consumers and customers; in practice, that may be most – or all – of the information a company has about you. For example, nonpublic personal information could be information that a consumer or customer puts on an application; information about the individual from another source, such as a credit bureau; or information about transactions between the individual and the company, such as an account balance. Information that the company has reason to believe is lawfully public – such as mortgage loan information in a jurisdiction where that information is publicly recorded – is not restricted by the Gramm-Leach-Bliley Act.

Can’t Opt-Out

Consumers and customers have the right to opt out of – or say no to – having their information shared with certain third parties. The Gramm-Leach-Bliley Act provides no opt-out right in the following situations:

If it shares information with its affiliates, which is an entity controlled by the company, you can’t opt out.

If the financial institution shares information with outside companies that provide essential services like data processing, credit reporting agencies, check printing firms or servicing accounts, you can’t opt out.

If the disclosure is legally required, you can’t opt out.

If the financial institution shares customer data with another company under a joint marketing agreement that promises to keep the data confidential, you can’t opt out.

The Federal Trade Commission has authority to enforce the law with respect to “financial institutions” that are not covered by the federal banking agencies, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and state insurance authorities. The law requires that financial institutions protect information collected about individuals; it does not apply to information collected in business or commercial activities.

Credit Damage Expert, John Ulzheimer, is the President of Consumer Education at SmartCredit.com, the credit blogger for Mint.com, and a Contributor for the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and Credit.com, John is the only recognized credit expert who actually comes from the credit industry.  Follow him on Twitter here.

Categorised in: Civil Penalty, Credit Cards, Credit Report, Government, Money & Identity

This post was written by John Ulzheimer