GLBa Assessment
Gramm-Leach-Bliley Compliance arrow Security Guides Library
Thursday, 29 March 2007


  • Requires clear disclosure by all financial institutions of their privacy policy regarding the sharing of non-public personal information with both affiliates and third parties.

  • Requires a notice to consumers and an opportunity to "opt-out" of sharing of non-public personal information with nonaffiliated third parties subject to certain limited exceptions.

  • Addresses a potential imbalance between the treatment of large financial services conglomerates and small banks by including an exception, subject to strict controls, for joint marketing arrangements between financial institutions.

  • Clarifies that the disclosure of a financial institution's privacy policy is required to take place at the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship.

  • Provides for a separate rather than joint rulemaking to carry out the purposes of the subtitle; the relevant agencies are directed, however, to consult and coordinate with one another for purposes of assuring to the maximum extent possible that the regulations that each prescribes are consistent and comparable with those prescribed by the other agencies.

  • Allows the functional regulators sufficient flexibility to prescribe necessary exceptions and clarifications to the prohibitions and requirements of section 502.

  • Clarifies that the remedies described in section 505 are the exclusive remedies for violations of the subtitle.

  • Clarifies that nothing in this title is intended to modify, limit, or supersede the operation of the Fair Credit Reporting Act.

  • Extends the time period for completion of a study on financial institutions' information-sharing practices from 6 to 18 months from date of enactment.

  • Requires that rules for the disclosure of institutions' privacy policies must be issued by regulators within 6 months of the date of enactment. The rules will become effective 6 months after they are required to be prescribed unless the regulators specify a later date.

  • Assigns authority for enforcing the subtitle's provisions to the Federal Trade Commission and the Federal banking agencies, the National Credit Union Administration, the Securities and Exchange Commission, according to their respective jurisdictions, and provides for enforcement of the subtitle by the States.
Top! Top!