Data Risk Governance

Exploring the intersection between information security, privacy, technology and the law.

Gramm-Leach-Bliley

Financial Services Modernization Act of 1999
Purpose: to repeal the Glass-Steagall Act, which:
  • Prevented a single institution from being both a commercial and consumer bank
  • Prevented a single institution from being both a bank and insurer

GLBA Title V – Privacy, Subtitle A – Disclosure of Nonpublic Personal Information
Section 501(b): administrative, physical and technical safeguards
  • To ensure integrity and confidentiality of customer records and information;
  • To protect against any anticipated threats or hazards to the security or integrity of such records;
  • And to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

§ 6809. Definitions: The Scope of the Gramm-Leach-Bliley Safeguards Rule (Sec. 501(b) or Sec. 6801(b))
In other words, the GLBA Safeguards Rule does not apply beyond individual customers; business entities are not covered as customers.

1. GLBA § 501(b) and the Interagency Guidelines pertain primarily to “nonpublic personal information” 15 USC 6801. The definition of nonpublic personal information provided by the statute includes “customer records and information” Id.
a. The statute defines “nonpublic personal information” as “personally identifiable financial information:
i. “Provided by a consumer to a financial institution; (emphasis added)
ii. “Resulting from any transaction with the consumer or any service performed for the consumer; or
iii. “Otherwise obtained by the financial institution” 15 USC 6809(4).
b. The statute defines consumer as “an individual who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes,” 15 USC 6809(9), (emphasis added).

§ 6801. Protection of nonpublic personal information

(a) Privacy obligation policy. It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.

(b) Financial institutions safeguards. In furtherance of the policy in subsection (a), each agency or authority described in section 505(a) [15 USCS § 6805(a)] shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards--
(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
NOTE: § 6801(b), also known as GLBA Sec. 501(b), provides the guiding principles underlying the Interagency Guidelines Establishing Information Security Standards.

15 USCS § 6801, US Code Service, Title 15 Commerce & Trade, Chapter 94 Privacy, §§ 6801-6809

(See also Multi-Factor Authentication in Internet Banking. The title “Interagency Guidance” is used specifically here to refer to 12 CFR Part 30, Appendix B; however, other regulatory rules also carry the moniker of “Interagency Guidance”. Care should be taken to make the distinction when necessary.)
