The Gramm-Leach-Bliley Act, or GLBA, was enacted on November 12, 1999, to reform the financial services industry and address concerns relating to consumer financial privacy. The Act’s primary purpose is to ensure that financial institutions safeguard the confidentiality of non-public personal information (NPPI) gathered from consumers’ records.
GLBA is based upon two main sections: the Financial Privacy Rule and the Safeguards Rule . The Privacy Rule requires financial institutions to notify consumers about their information-sharing practices and explain to them their right to "opt-out.” The Safeguards Rule requires financial institutions and their affiliates to have necessary administrative, technical, and physical measures to keep customer information secure.
In addition to protecting consumer financial information, organizations under GLBA must also take measures to detect and prevent incidents.