Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a U.S. federal law that governs how financial institutions handle the private information of individuals. The act was designed to protect consumer privacy while allowing financial institutions to offer a range of services. The GLBA has three key components:

• This rule requires financial institutions (which includes auto dealerships offering loans or financial services) to provide consumers with a privacy notice explaining what information is collected, how it is shared, and with whom.
• Consumers must be given the option to opt out of sharing their information with certain third parties.

• This rule mandates that financial institutions develop, implement, and maintain a comprehensive written information security plan to protect the privacy of customer data.
• The plan should cover how the dealership will secure personal and financial information from unauthorized access or misuse.
• It includes assessing risks to customer data, implementing safeguards, and regularly evaluating the effectiveness of these protections.

• The GLBA makes it illegal to engage in pretexting, which is obtaining personal financial information under false pretenses. This provision is aimed at protecting consumers from identity theft and fraud.

To comply with the GLBA, institutions must:

• Conduct regular risk assessments to identify and address vulnerabilities in their systems.
• Develop and maintain a written information security program that includes physical, administrative, and technical safeguards.
• Provide privacy notices to customers and inform them of their opt-out rights.
• Ensure that third-party vendors with access to customer information meet data protection requirements.
• Train employees on security policies and practices to prevent unauthorized access or disclosure of information.