The Financial Services Modernization Act of 1999 is the formal name of what we know better as the Gramm-Leach-Bliley Act (GLBA). This act is all about the collection and sharing of consumers’ personal financial information. It was signed by President Bill Clinton and went into law on November 12, 1999, and allowed an investment bank, commercial bank, securities firm, and insurance company to consolidate, act as one company, and therefore share information between them.
The rules under the Gramm-Leach-Bliley Act apply not only to banks, securities firms and insurance companies but also to any company that provides financial products or services. This would include, but is not limited to, lending, brokering, or servicing any type of consumer loan, safeguarding or transferring money, preparing tax returns, financial advising, credit counseling, any real estate settlement service and collection of consumer debts.
There are three principal parts to the privacy requirements of the GLBA. They are the Safeguards Rule, the Pretexting Provisions, and the Financial Privacy Rule.
The first of these parts, the Safeguards Rule, requires a financial institution to create, implement, and maintain a system to protect consumer information while it is in the possession of the company or its employees or agents. The Safeguards policy of a company must ensure the confidentiality and security of a consumer’s record. It must protect against threats or hazards to the security of a record and must protect against unauthorized access to any records that could harm or inconvenience a consumer. This is the reason that today most major banks and lenders have encryption and several layers of password protection on their computer systems. It is also often why companies opt to issue company laptops that are not to be used for any personal use and that use a VPN to connect to outside internet services.
The second principal part, the Pretexting Provisions, is a series of steps that a company must take to protect consumers from false, fictitious or fraudulent pretenses. An example would be calling your bank or financial institution and having the representative ask you for your date of birth, the last four digits of your social security number, your mother’s maiden name, the address where statements are sent, etc. This process is in place to ensure that you, the one requesting information, are truly the account holder.
Lastly, the Financial Privacy Rule is in place to secure what information considered to be nonpublic personal information (NPI) is collected and shared, and how. Account balances and account numbers would be the most common examples of nonpublic personal data. However, information you put on an application, third-party data from other sources such as a credit report, transactional details such as payment or purchase history, and the type of financial relationship you have with a particular institution also fit into the category of NPI. This type of information is nonetheless regularly sold from one credit card company, bank, or financial institution to another. The Financial Privacy Rule restricts when and under what circumstances NPI can be shared with affiliated and non-affiliated third parties.
How and with whom information can be shared depends on whether you are a customer or a consumer. The Gramm-Leach-Bliley Act distinguishes between the two. A consumer is one who has obtained a financial product for a personal, household, or family reason. A customer is one with a continuing relationship with a financial institution. If you were to obtain a mortgage, you would be considered a customer, as that relationship is ongoing. However, if you were to cash a check or purchase a money order or cashier’s check from a bank or other financial institution, you would simply be a consumer.