Gramm–Leach–Bliley Act (GLBA)

The Gramm–Leach–Bliley Act governs the collection, disclosure and protection of customers’ personal information by financial institutions. Find out what this means for your business.

What is the Gramm–Leach–Bliley Act (GLBA)?

The GLBA, also known as the Financial Services Modernization Act, affects all institutions that offer financial services or products. Affected companies need to understand and comply with the act’s requirements to explain their disclosure practices and safeguard their customers’ sensitive data. Let Access help.


Why was the GLBA developed?

The Gramm–Leach–Bliley Act was developed to govern the collection, disclosure and protection of the personal information gathered by financial institutions about their customers. The act is composed of three sections – the Financial Privacy Rule, Safeguards Rule and Pretexting provisions – that detail the requirements that must be met in order to maintain compliance.

The GLBA applies to all financial institutions, including but not limited to:

  • Banks
  • Mortgage/Loan Brokers
  • Real Estate Appraisers
  • Debt Collectors
  • Tax Preparation Businesses and Accountants
  • Auto Dealers
  • Check-cashing Businesses and ATM Operators
  • Insurance Companies

In general, the GLBA applies to all services associated with consumer loans, transferring or safeguarding money, providing credit counseling or other financial advice, collecting consumer debts, and an array of other financial activities, regardless of whether the institution providing the service is listed above.


What does this have to do with records management?

More than you may think.

Financial Privacy Rule: This rule regulates the collection and disclosure of financial information belonging to consumers, and requires relevant institutions to provide privacy notices at the time a consumer relationship is established, as well as annually after that.

In relation to a records management strategy, financial institutions need to securely and efficiently distribute documents to their customers.

Safeguards Rule: This rule requires financial institutions to design, implement and monitor a safeguards program to protect consumer information. The program must describe how the company currently protects, and will continue to protect, their clients’ information from unauthorized disclosure, use, alteration or destruction.

Given the challenges and risks associated with information processing, storage, transmission and retrieval, secure storage solutions and encrypted online interfaces are imperative to a compliant safeguards program.

Pretexting Provisions: These provisions prohibit the practice of pretexting (accessing private information through the use of false pretenses).

By limiting and tailoring access levels, and tracking user activity, through a secure data repository, financial institutions can reduce instances of pretexting. 


How can Access Records Management Help?

Access’ secure record centers and encrypted infrastructure can provide the protection and regulatory adherence needed for financial institutions to comply with the Gramm–Leach–Bliley Act.

  • We can help you create and implement customized and scalable retention and destruction programs to protect your client’s private information.
  • We will tailor access levels for your records and monitor all activity within them to provide a clear audit trail.
  • We will follow regulatory developments related to the GLBA so that we can quickly update our procedures and assure your continued compliance.

Find out how our comprehensive solutions can also ensure your compliance with other state and federal regulations.

Learn More