The FDIC has created this webpage to inform consumers about the Title V of the Gramm-Leach-Bliley Act’s (GLBA) (PDF Help) consumer provisions to ensure that financial institutions protect consumer's financial information. GLBA became law in 1999. The law applies to financial institutions, which is defined as “an entity that is engaged in an activity that is financial in nature or is incidental to financial activities.” In December 2021, in addition to banks, savings and loans, credit unions, insurance companies, and securities firms, the Federal Trade Commission (FTC) updated the definition to include:
- Retailers extending a credit card
- Dealerships leasing a car long term – longer than 90 days
- Organizations appraising real estate or personal property
- Counselors helping individuals associated with a financial institution
- Businesses printing and selling checks on behalf of customers or wiring money
- Businesses engaging in cash checking services
- Income tax return preparers
- Travel agencies
- Real estate settlement services
- Mortgage brokers
- Colleges and universities accepting Title IV funds
The new definition specifically excludes financial institutions that maintain customer information concerning fewer than five thousand customers.
GLBA privacy considerations affect consumers in the following ways:
- Financial institutions are required to: ensure the security and confidentiality of customer information; protect against any anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.
- The law requires these institutions to explain how they use and share your personal information. The law also allow you to stop or "opt out" of certain information sharing.
- The law requires that financial institutions describe how they will protect the confidentiality and security of your information.
- Updates to the law require a financial institution to have an information security program with a qualified individual to implement and supervise it.
Below are links with information regarding GLBA and consumer privacy: