Privacy Rules for Financial Companies
The Gramm-Leach-Bliley (GLB) Act protects consumers' personal financial information held by financial institutions, including banks and non-bank companies engaged in consumer loans, mortgages, tax preparation and returns, debt collection, credit counseling, and related businesses that deal with personal financing. There are three principal parts to the GLB Act's privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions enforced by the Federal Trade Commission.
The Financial Privacy Rule requires financial institutions to give their customers privacy notices that explain the financial institution's information collection and sharing practices. In turn, customers have the right to limit some sharing of their information. Also, financial institutions and other companies that receive personal financial information from a financial institution may be limited in their ability to use that information.
The Safeguards Rule, enforced by the Federal Trade Commission, requires financial institutions to have a security plan to protect the confidentiality and integrity of personal consumer information.
Pretexting is the use of false pretenses, including fraudulent statements and impersonation, to obtain consumers' personal financial information, such as bank balances. This law also prohibits the knowing solicitation of others to engage in pretexting.
The following resources provide information and assistance for businesses engaged in banking and consumer finance activities:
- Gramm-Leach-Bliley Act: An Overview
Provides an overview of the Gramm-Leach-Bliley Act, which includes provisions to protect consumers' personal financial information held by financial institutions. This guide discusses three principal parts to the Act's privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.
- How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act
This guide is aimed at giving small business owners detailed information to help them comply with the Privacy Rule's requirements for protecting consumer financial information. It was written for businesses that provide financial products or services to individuals for personal, family, or household use.
- Financial Institutions and Customer Information: Complying with the Safeguards Rule
The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as "financial institutions" to ensure the security and confidentiality of customer data including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers.
The Federal Financial Institutions Examination Council (FFIEC)'s Authentication in an Internet Banking Environment describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using online products and services. Examiners will review this area to determine a financial institution's progress in complying with this guidance during upcoming examinations.
- Protecting Financial Information
Education and guidance to help financial companies comply with the Safeguards Rule
- E-Commerce Guide
Small business guide to regulations governing online businesses
- Donald Clark
Secretary
Office of General Counsel
Phone: 202-326-2514
TTY/TTD: 866-653-4261
Email: dclark@ftc.gov
- Christian White
General Counsel for Legal Counsel
Office of General Counsel
Phone: 202-326-2476
TTY/TTD: 866-653-4261
Email: cwhite@ftc.gov