• About Government Relations
• Global Tax & Legal Resources
• U.S. Tax & Legal Resources
• U.S. Tax & Legal MasterSource
• U.S. Tax & Legal Updates
• U.S. Referral Fee Info/Interchange
• Contribute

Background

• In 1999 Congress passed the Gramm-Leach-Bliley Act (GLB)
  • Designed to protect the private information of consumers from unwanted disclosure
  • Applied to "financial institutions" in the private sector
  • No direct application to federal government operations
• GLB has two relevant parts:
  • Information privacy – this is the part, effective in 2001, which mandated consumer privacy notices and "opt – out" provisions for information sharing (the Privacy Rule)
  • Information security – effective in 2003 and 2004, which mandated procedures for safeguarding non-public personal information (the Safeguards Rule)

GLB and Information Privacy – The Privacy Rule

• Financial institutions must establish written policies on the protection of private customer information.
• The policies must be disclosed to new customers and to all customers annually thereafter. Customers have the ability to "opt-out;" that is, to deny permission to the financial institution to share such information with unaffiliated third parties.

GLB and Information Security – The Safeguards Rule

• Regulations under the act are under the jurisdiction of the Federal Trade Commission
• The Safeguards Rule is broader than the already-broad definition of "financial institutions found in the Privacy Regulations, and include organizations which may collect covered information from "financial institutions"
• The FTC says both the Safeguards Rule and the Privacy Rule apply to:
  • Organizations which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers, including lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, providing residential real estate settlement services (including brokers), and an array of other activities, including appraising real estate.
• It does not apply to the federal government, but the e-Government Act of 2002, the Privacy Act of 1974, and other laws and regulations require privacy and data protection as an integral part of overall program management
• As the relocation process becomes more complex and integrated, all segments of the industry need to regularly reassess the application of GLB to its operations.