Gramm-Leach-Bliley Act (GLBA)
Definition
A U.S. federal law enacted in 1999 requiring financial institutions to explain information-sharing practices and protect consumer financial data. GLBA applies to companies offering financial products or services—banks, insurance companies, investment firms, mortgage lenders, and others. The law has three principal parts: the Financial Privacy Rule governing collection and disclosure of personal financial information, the Safeguards Rule requiring security programs to protect information, and the Pretexting Provisions prohibiting access to personal information through false pretenses. GLBA requires financial institutions to provide privacy notices explaining information practices, offer opt-out rights for certain sharing, implement comprehensive security programs, and protect against unauthorized access. The FTC enforces GLBA for many financial institutions. Organizations subject to GLBA must provide annual privacy notices, implement written information security programs, conduct risk assessments, and designate individuals to coordinate security programs.
Applicable Laws & Regulations
- Gramm-Leach-Bliley Act 15 U.S.C. §6801-6809 - Statutory provisions
- GLBA Privacy Rule 16 CFR Part 313 - Privacy requirements
- GLBA Safeguards Rule 16 CFR Part 314 - Security requirements