2023 IT Examiner School

Regulations & Guidance

The Gramm Leach Bliley Act (GLBA) - 1999 Title V, Subtitle A of the Gramm-Leach-Bliley Act (“GLBA”) governs the treatment of nonpublic personal information (NPPI or NPI ) about consumers by financial institutions. • Section 501 – protection of nonpublic personal information

"It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information" (Section 501(a))

• Section 502 – prohibits financial institutions from disclosing nonpublic personal information about a consumer to non-affiliated third parties, unless (i) the institution satisfies various notice and opt-out requirements; and (ii) the consumer has not elected to opt out of the disclosure • Section 503 - institutions to provide notice of its privacy policies and practices to its customers 501(b) requires each agency or authority to establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards: 1. To ensure the security and confidentiality of customer records and information; 2. To protect against any anticipated threats or hazards to the security or integrity of such records; and 3. To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

In 2000, the Board of Governors of the FRS (“Board”), the FDIC, the NCUA, the OCC, and the former OTS, published regulations implementing provisions of GLBA governing the treatment of nonpublic personal information about consumers by financial institutions.