The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act, is a US federal law that requires financial institutions (i.e. companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance) to safeguard nonpublic personal information and explain their information-sharing practices to customers.
Gramm-Leach-Bliley Act (GLBA)
Frequently asked questions
GLBA compliance means following the requirements of the Gramm-Leach-Bliley Act (GLBA). Under this federal law, financial institutions must safeguard personal data and explain their information-sharing practices to customers.
The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires companies to implement physical, administrative, and technical safeguards that reduce the risk of data compromise. It also requires written documentation of those safeguards.
GLBA audits are assessments of whether a financial institution is complying with GLBA (Gramm-Leach-Bliley Act) standards. These audits can be carried out by third parties or the federal government.
The Gramm-Leach-Bliley Act (GLBA) contains three key components: the financial privacy rule, the safeguards rule, and the pretexting provisions. The privacy rule covers data that must be protected by financial institutions, while the safeguards rule focuses on implementing tools to defend this data. The pretexting provisions, meanwhile, prioritize reducing unauthorized access.