), was designed to regulate the disclosure and protection of nonpublic personal information (NPI) collected by a financial institution from an individual in order to obtain a financial product or service from the institution for personal, family, or Lina M. Khan was sworn in as Chair of the Federal Trade Commission on June 15, 2021. Section 6801 et seq. Text for H.R.2714 - 118th Congress (2023-2024): To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Banking Act of 1933, the so-called "Glass-Steagall Act", and for other purposes. L. 111203, set out as a note under section 552a of Title 5, Government Organization and Employees. <> Search the Legal Library instead. The Digital Guardian blog breaks down some of the specific steps that companies covered by the GLBA should take so as to get their house in order and ensure that they're in compliance with this Rule. The Gramm-Leach-Bliley Act requires financial institutions companies that offer consumers financial products or services like loans, financial or investment advice, or insurance to explain their information-sharing practices to their customers and to safeguard sensitive data. No appropriate Federal banking agency, by regulation, order, interpretation, or other action, and no court within the United States may construe the paragraph designated the Seventh of section 5136 of the Revised Statutes of the United States (12 U.S.C. S.900 - Gramm-Leach-Bliley Act 106th Congress (1999-2000) Law Hide Overview . WebThe Gramm Leach Bliley Act (GLBA) is a comprehensive, federal US law enacted to control the way financial institutions handle customers personal information. It may seem a bit strange at first that a financial services law has such a profound impact on IT and data security. History books, newspapers, and other sources use the popular name to refer to these laws. is amended by inserting after section 502 the following: 502A. 1841) is amended by striking subsection (p). H. R. 2714. by redesignating paragraph (5) as paragraph (3). 0000001050 00000 n !`MBq!O!Xe=xB7p4IjPw 0jb7cZ5>$. This Act creates a new Federal private cause of action and Federal subject matter jurisdiction for a beneficiary of a covered policy to bring a civil action against the insurer for the covered policy or a related company of the insurer to recover proceeds due under the covered policy or otherwise to enforce any rights under the covered policy. 112 0 obj << /Linearized 1 /O 115 /H [ 1050 560 ] /L 104808 /E 30824 /N 18 /T 102449 >> endobj xref 112 22 0000000016 00000 n 510 GRAMM-LEACH-BLILEY ACT14 (8) STATE INSURANCE AUTHORITY.The term State insur- ance authority means, in the case of any person engaged in providing rZ Subparagraph (A) shall not apply with respect to service by any individual which is otherwise prohibited under such subparagraph if the appropriate Federal banking agency determines, by regulation with respect to a limited number of cases, that service by such individual as an officer, director, employee, or other institution-affiliated party of any insured depository institution would not unduly influence the investment policies of the depository institution or the advice the institution provides to customers. The Gramm-Leach-Bliley Act (GLBA), signed into law last November, authorized the certification of financial holding companies, the structure that looks to be the main vehicle for linking commercial banks with securities firms, insurance firms, and merchant banking. Pretexting is form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. By joining our advisory group, you can help us make GovTrack more useful and engaging to young voters like you. 335) is amended by striking the last sentence. 1. <> WebAct of 1956 (12 U.S.C. 6804(a)(1), to develop a model form.The CFTC, which did not become subject to Title V of the GLB Act until 2000, is not Definition of activities closely related to banking. 8 0 obj %PDF-1.5 % 11494, 129 Stat. 6701(g)). One, a reference to a Public Law number, is a link to the bill as it was originally passed by Congress, and will take you to the LRC THOMAS legislative system, or GPO FDSYS site. 1338, enacted November 12, 1999) is an act of the by redesignating clauses (ii), (iv), (vi), (viii), and (ix) as clauses (i), (ii), (iii), (iv), and (v), respectively. Gramm-Leach-Bliley Act (Privacy of Consumer Financial Information) Introduction . Our public interest mission means we will never put our service behind a paywall. Element 9: For an institution or servicer maintaining student information on 5,000 or more consumers, addresses the requirement for its Qualified Individual to report regularly and at least annually to those with control over the institution on the institutions information security program (16 C.F.R. This is information that a financial institution collects when providing a financial product or service that can identify an individual and that isnt otherwise publicly available. Are you up on what the revised Rule requires? The list of businesses that fall under this heading is broad, and includes debt collectors, real estate appraisers, automobile dealers, and even higher education institutions, which maintain bursar accounts for students and administer student loans. 24a) is amended to read as follows: In the case of a national bank which, pursuant to the amendments made by paragraph (1), is no longer authorized to control or be affiliated with a financial subsidiary as of the date of the enactment of this Act, such affiliation shall be terminated as soon as practicable and in any event no later than the end of the 2-year period beginning on such date of enactment. Title V, subtitle A, of this Act (15 U.S.C. Element 6: Addresses how the institution or servicer will oversee its information system service providers (16 C.F.R. 0000004180 00000 n II. To achieve the GLBA objectives, institutions and servicers are required to develop, implement, and maintain a written, comprehensive information security program. The Gramm-Leach-Bliley Act required the Federal Trade Commission (FTC) and other government Competition and Consumer Protection Guidance Documents, The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program. The Board of Governors of the Federal Reserve System, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the Board determines, having due regard to the purposes of this Act, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices, and is in the public interest. When it comes to data security and privacy compliance requirements under the GLBA, there are three main sets of regulationseach called a Rule in regulation-speakthat IT needs to worry about: the Financial Privacy Rule, the Safeguard Rule, and the Pretexting Rule. "z0:jy+^2>yA8#4o ZZ'n{hI~B^[ _CEukV.aZ: Fke\~NU7rh6V-K@% ;#8]VRU`ixsd#My:W BG;Jmwai`J SVzsAH>'o`K|;3@n7c4K3qNZKCyI[L(*LCYW\ytgRCBeEkz.0;e=(i'm;hX ]j`K;{'J2'~#%mc6BZp"37;&1uTr}*eUOf^>!Iu^.IkJJPaxxQ HY=Aw4-zHZ xU:NgO?2*4%Y)w/icu@oCRZ6u3 t6h" A;)sf5bbx6Gx0=(jfXaFBC&Gd*4Pe}LxUF(LnmOTUsyIqpY( Or, as another example, if you apply for a loan at Bank C and have no pre-existing relationship with them, you're still only considered a consumer; you become a customer only if the loan is approved and you receive the money. You'll find three types of link associated with each popular name (though each law may not have all three types). In Dear CPA LetterCPA-19-01, the Office of Inspector General (OIG) explained the audit procedures for auditors to determine whether institutions were complying with GLBA. 1844) is amended by striking subsection (g). When it comes to the Privacy Rule, the GLBA makes a distinction between different types of people a company interacts with. WebThe Gramm Leach Bliley Act (GLBA) is a law that applies to financial institutions and includes privacy and information security provisions that are designed to protect consumer financial Title V, Subtitle A of the Gramm-Leach-Bliley Act (GLBA) 1 . Memo from Chair Lina M. Khan to commission staff and commissioners regarding the vision and priorities for the FTC. And as we said before, a particular law might be narrow in focus, making it both simple and sensible to move it wholesale into a particular slot in the Code. The Department will issue guidance on NIST 800-171 compliance in a future Electronic Announcement, but again encourages institutions to begin incorporating the information security controls required under NIST 800-171 into the written information security program required under GLBA as soon as possible. Sometimes classification is easy; the law could be written with the Code in mind, and might specifically amend, extend, or repeal particular chunks of the existing Code, making it no great challenge to figure out how to classify its various parts. Financial institutions covered by the Gramm-Leach-Bliley Act must tell their customers about their information-sharing practices and explain to customers their right to "opt out" if they don't want their information shared with certain third parties. 1 0 obj G lfD ] _#1WL~3"n[d^'Zv;f;Yah~9yea19I>~T{[1dK@=?Z~ax>8D;bc&aoF SB;\R )jmAX4p& Use our visualizations to explore scam and fraud trends in your state based on reports from consumers like you. It is the responsibility of the organization to enforce the compliance recommendations at their discretion.". The objectives of the GLBA standards for safeguarding information are to . If youve visited a bill page on GovTrack.us recently, you may have noticed a new study guide tab located just below the bill title. Statement Regarding the Termination of CalPortland Companys Attempted Acquisition of Assets Owned by Rival Cement Producer Martin Marietta Materials, Inc. Is Franchising Fair? on this bill on a six-point scale from strongly oppose to strongly support. WebV, Gramm-Leach-Bliley Act (15 U.S.C. Each time the Board of Governors of the Federal Reserve System, the Comptroller of the Currency, or another appropriate Federal banking agency makes a determination or an extension under subparagraph (B) or (C) of paragraph (2) or (3) of section 18(bb) of the Federal Deposit Insurance Act (as added by section 2(a)) or subparagraph (B) or (C) of subsection (a)(2) or (b)(2) of section 3, as the case may be, the Board, Comptroller, or agency shall promptly submit a report of such determination or extension to the Congress.