CIPP/US Study Guide
Chapter 9: Financial Privacy

Financial Privacy Landscape and Regulators

U.S. financial privacy is governed mainly by the FCRA (1970), GLBA (1999), and the Dodd-Frank Act (2010), which created the CFPB. Financial institutions face both restrictions on use/disclosure and mandatory disclosure duties under anti-money-laundering laws.

Banking and financial records have long been treated as confidential, both to encourage honest borrower reporting and to protect against thieves and fraudsters. This chapter covers how financial firms may collect, use and disclose personal information, plus the rules requiring them to disclose information (anti-money-laundering laws).

The chapter proceeds through the FCRA (1970, updated by FACTA in 2003), the privacy and security provisions of GLBA (1999), and the Dodd-Frank Act (2010), which created the CFPB. The CFPB now has rulemaking authority for the FCRA/FACTA and most GLBA institutions, sharing enforcement with the FTC and banking regulators.

Three pillars

FCRA/FACTA governs credit reporting; GLBA governs financial-institution data handling; Dodd-Frank created the regulator (CFPB) and added the "abusive" enforcement standard.

Key terms - quick answers

What is “FCRA”?
Fair Credit Reporting Act of 1970, the first federal law to regulate private businesses' use of personal information, governing consumer reporting agencies and consumer reports.
What is “FACTA”?
Fair and Accurate Credit Transactions Act of 2003, which substantially amended the FCRA with identity-theft and other protections.
What is “GLBA”?
Gramm-Leach-Bliley Act of 1999, supplying the general framework for confidentiality of records in the financial services sector through its Privacy Rule and Safeguards Rule.
What is the “Dodd-Frank Act”?
Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which created the Consumer Financial Protection Bureau (CFPB).