The Financial
Modernization Act of 1999, also known as the "Gramm-Leach-Bliley
Act" or GLB Act, includes provisions to protect
consumers’ personal financial information held by
financial institutions. There are three principal parts
to the privacy requirements: the Financial Privacy
Rule, Safeguards Rule and pretexting provisions.
The GLB Act gives authority to eight federal agencies
and the states to administer and enforce the Financial
Privacy Rule and the Safeguards Rule. These two
regulations apply to "financial institutions," which
include not only banks, securities firms, and insurance
companies, but also companies providing many other
types of financial products and services to consumers.
Among these services are lending, brokering or
servicing any type of consumer loan, transferring or
safeguarding money, preparing individual tax returns,
providing financial advice or credit counseling,
providing residential real estate settlement services,
collecting consumer debts and an array of other
activities. Such non-traditional "financial
institutions" are regulated by the FTC.
The Financial Privacy Rule governs the collection and
disclosure of customers' personal financial information
by financial institutions. It also applies to
companies, whether or not they are financial
institutions, who receive such information.
The Safeguards Rule requires all financial institutions
to design, implement and maintain safeguards to protect
customer information. The Safeguards Rule applies not
only to financial institutions that collect information
from their own customers, but also to financial
institutions "such as credit reporting agencies" that
receive customer information from other financial
institutions.
The Pretexting provisions of the GLB Act protect
consumers from individuals and companies that obtain
their personal financial information under false
pretenses, a practice known as "pretexting."
