GLBA Overview and Privacy Provisions
GLBA (Title V of the 1999 Financial Services Modernization Act) produced a Privacy Rule and a Safeguards Rule. Spurred by the U.S. Bancorp/MemberWorks data-sharing scandal, it requires institutions to secure data, give notice of sharing policies, and let consumers opt out of some sharing.
GLBA codified the late-1990s consolidation of banking, securities and insurance, raising concerns about how data would be shared among the new holding companies. Privacy provisions were spurred by enforcement actions, notably the U.S. Bancorp/MemberWorks case, in which a bank shared account numbers with a telemarketer that then withdrew funds from accounts (a $3M Minnesota settlement in 1999).
GLBA requires institutions to:
- Store personal financial information securely.
- Provide notice of information-sharing policies.
- Give consumers the choice to opt out of sharing some personal financial information.
GLBA uses an opt-out model for sharing nonpublic personal information with nonaffiliated third parties (subject to exceptions). Contrast this with California's CFIPA opt-in requirement.