1787, codified at 15 U.S.C. This is information that a financial institution collects when providing a financial product or service that can identify an individual and that isn't otherwise publicly available. 314.4(b)). If you have questions regarding any of the GLBA requirements, please contact the FTC at 202-326-2222. Postsecondary institutions and third-party servicers must protect student financial aid information provided to them by the Department or otherwise obtained in support of the administration of the Federal student financial aid programs (Title IV programs) authorized under Title IV of the Higher Education Act of 1965, as amended (HEA). 78c(a)(4)(B)) is amended, by striking clauses (i), (iii), (v), (vii), (x), and (xi); and. 1843) is amended by striking subsections (k), (l), (m), (n), and (o). Under the Dodd-Frank Act, this rulemaking authority transferred to the Bureau of Consumer Financial Protection (except with respect to certain motor vehicle dealers), but the FTC continues to have enforcement authority.
The reasoning of the Supreme Court of the United States in the case referred to in paragraph (1) with respect to sections 20 and 32 of the Banking Act of 1933 (as in effect prior to the date of the enactment of the Gramm-Leach-Bliley Act) shall continue to apply to subsection (bb) of section 18 of the Federal Deposit Insurance Act (as added by subsection (a) of this section) except to the extent the scope and application of such subsection as enacted exceed the scope and application of such sections 20 and 32. The general public may be most aware of the GLBA in the context of debates as to whether it helped cause the 2008 subprime mortgage crisis, but for IT professionals, it's much better known for the data security and privacy mandates it imposes on a wide range of companies and organizations, even beyond the banking industry. Or, as another example, if you apply for a loan at Bank C and have no pre-existing relationship with them, you're still only considered a consumer; you become a customer only if the loan is approved and you receive the money. Part 314. Hopefully our description of the GLBA's broad reach makes it clear why the Department of Education is involved in enforcing a financial service law. Responsible individuals at those institutions, generally company officers or members of the board of directors, can be personally fined up to $10,000 for each violation. Those individuals may also be sentenced to up to 5 years in prison. 106-102, 113 Stat. Definition of activities closely related to banking.
We find that the law has a differential impact across the financial services industry. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to keep customers' information secure. On December 9, 2021, the Federal Trade Commission (FTC) issued final regulations (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguards Rule), an important component of the Gramm-Leach-Bliley Act's (GLBA) requirements for protecting the privacy and personal information of consumers. Part 314. Title V, subtitle A, of this Act (15 U.S.C. Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements, (GENERAL-23-09) 6801-6809, 6821-6827, Therefore, an institution that does not provide for the security of the information it needs to continue its operations would not be administratively capable. Sometimes these names say something about the substance of the law (as with the '2002 Winter Olympic Commemorative Coin Act').
6804(a)(1), to develop a model form. The CFTC, which did not become subject to Title V of the GLB Act until 2000, is not Before the GLBA, these kinds of scams could only be prosecuted under other laws about fraud or false pretenses that didn't always exactly match up with attackers' specific techniques. The Federal Deposit Insurance Act is amended by striking section 46 (12 U.S.C. In 2006, the Financial Services Regulatory Relief Act (Relief Act) amended the GLBA. Privacy of Consumer Financial Information Rule Under the Gramm-Leach-Bliley Act A Rule by the Federal Trade Commission on 12/09/2021 Also, Sections 131-133 of the Act (15 U.S.C. The GLBA is also known as the Financial Services Modernization Act of 1999. The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. 4. 6801 et seq.) Text for S.900 - 106th Congress (1999-2000): Gramm-Leach-Bliley Act. Slaughter, FTC Safeguards Rule: What Your Business Needs to Know, FTC's Privacy Rule and Auto Dealers: FAQs, How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act, Compliance deadline for certain revised FTC Safeguards Rule provisions extended to June 2023, New publication offers guidance on revised FTC Safeguards Rule, Updating you on FTC privacy and data security initiatives, Corporate boards: Don't underestimate your role in data security oversight, Application of Title V, Subtitle A, of the G-L-B Act, and of the Commission's Privacy Rule, to Attorneys At Law, Ascension Data & Analytics, LLC, In the Matter of, LightYear Dealer Technologies, LLC, In the Matter of, FTC v.
Global Mortgage Funding, Inc., et al., SACV 02-1026 DOC, __________________, a minor, also known as _______________, by his parent ____________, Fajilan and Associates, Inc., also d/b/a Statewide Credit Services, In the Matter of, James B. Nutter & Company, a corporation, in the Matter of, Premier Capital Lending, Inc., et al., In the Matter of, American United Mortgage Company., United States of America (for the FTC), Nations Title Agency, Inc., Nations Holding Company, and Christopher M. GLBA consumer vs. customer. 314.4(g)). ); (3) a covered entity or business associate governed by the privacy, security, and breach notification rules issued Text of H.R. 2714: Return to Prudent Banking Act of 2023 Part 314 use the terms customer and customer information. For the purpose of an institution's or servicer's compliance with GLBA, customer information is information obtained as a result of providing a financial service to a student (past or present). The Gramm-Leach-Bliley Act (GLBA) generally requires that financial institutions send annual privacy notices to customers. Element 7: Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact on the information security program (16 C.F.R. H.R.2714 - 118th Congress (2023-2024): To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Banking Act of 1933, the so-called "Glass-Steagall Act", and for other purposes. Subtitle B of Title V (15 U.S.C. VIII.
Privacy GLBA - Federal Deposit Insurance Corporation A BILL To amend the Gramm-Leach-Bliley Act to establish procedures for disclosures by financial institutions of nonpublic personal information, and for other purposes. 1 This guide was prepared by the staff of the U.S. Securities and Exchange Commission as a "small entity compliance guide" under Section 212 of the Small Business Regulatory Enforcement Fairness Act of 1996, as amended. Subject to a determination under subparagraph (B), an appropriate Federal banking agency may extend the 2-year period referred to in subparagraph (A) from time to time as to any particular insured depository institution for not more than 6 months at a time, if, in the judgment of the agency, such an extension would not be detrimental to the public interest, but no such extensions shall in the aggregate exceed 1 year. These notices must describe the privacy practices of financial institutions, including whether and how they share customers' nonpublic personal information. Subject to a determination under subparagraph (B), the Comptroller of the Currency may extend the 2-year period referred to in subparagraph (A) above from time to time as to any particular national bank for not more than 6 months at a time, if, in the judgment of the Comptroller, such an extension would not be detrimental to the public interest, but no such extensions shall in the aggregate exceed 1 year. As the name suggests, the purpose of the Federal Trade Commission's Standards for Safeguarding Customer Information (the Safeguards Rule, for short) is to ensure that entities covered by the Rule maintain safeguards to protect the security of customer information.
Interagency Guidelines Establishing Information Security Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. Apr 25, 2023. the purposes of this Act and the Gramm-Leach-Bliley Act, the following activities as, and the extent to which such activities are, financial in nature or incidental to a financial activity: (A) Lending, exchanging, transferring, investing for. [1] The GLBA provides a framework for regulating the privacy and data security practices of a broad range of financial institutions. See also infra discussion at section II.A. Subject to a determination under subparagraph (B), any individual described in subparagraph (A) who, as of the date of the enactment of the Return to Prudent Banking Act of 2023, is serving as an officer, director, employee, or other institution-affiliated party of any insured depository institution shall terminate such service as soon as practicable after such date of enactment and no later than the end of the 60-day period beginning on such date. Element 3: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 C.F.R.
Subparagraph (A) shall not apply with respect to service by any individual which is otherwise prohibited under such subparagraph if the appropriate Federal banking agency determines, by regulation with respect to a limited number of cases, that service by such individual as an officer, director, employee, or other institution-affiliated party of any insured depository institution would not unduly influence the investment policies of the depository institution or the advice the institution provides to customers. The Gramm-Leach-Bliley Act is named for the lawmakers who sponsored it: Sen. Phil Gramm (R-Texas), Rep. Jim Leach (R-Iowa) and Rep. Thomas Bliley (R-Va.). Amendment by Pub. 314.4(h)). L. 111-203 inserted ", other than the Bureau of Consumer Financial Protection," after "section 6805(a) of this title" in introductory provisions. 114-94, 129 Stat. V, Gramm-Leach-Bliley Act (15 U.S.C. or securities. 314.4(c)(1) through (8). Privacy notices like these need to be issued at the beginning of a customer's relationship with an institution and at least once per year thereafter; updated versions of the information must be issued when privacy policies change. 314.4(c)). 15 U.S. Code 6801 - Protection of nonpublic personal Gramm-Leach-Bliley Act (GLBA), Regulation R, and Retail Nondeposit Investment Sales The Gramm-Leach-Bliley Act sets forth certain exceptions for banks from the broker-dealer registration requirements of the Securities and Exchange Act of 1934. 106-102, 113 Stat. This Act creates a new Federal private cause of action and Federal subject matter jurisdiction for a beneficiary of a covered policy to bring a civil action against the insurer for the covered policy or a related company of the insurer to recover proceeds due under the covered policy or otherwise to enforce any rights under the covered policy.
The law requires Gramm-Leach-Bliley Act You can also find guidance regarding GLBA as well as other cybersecurity resources on the FSA Partner Connect Cybersecurity page. The process of incorporating a newly-passed piece of legislation into the Code is known as "classification" -- essentially a process of deciding where in the logical organization of the Code the various parts of the particular law belong. The Gramm-Leach-Bliley Act requires financial institutions (companies that offer consumers financial products or services like loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data. The language of the notices may be fairly boilerplate, and indeed the SEC makes model forms available. On the other hand, legislation often contains bundles of topically unrelated provisions that collectively respond to a particular public need or problem. You'll need to: The Safeguard Rule's mandates are generally phrased in terms of outcomes rather than specific infosec techniques that are required to achieve those outcomes. Check out their Cybersecurity Assessment Tool, which can help you identify specific areas in which your organization may not be aligned with the GLBA's requirements. 1831w). Institutions violating the law can be fined up to $100,000 for each violation.
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, was passed in November 1999. For purposes of this subsection, the terms broker and dealer have the same meanings as in section 3(a) of the Securities Exchange Act of 1934 and the terms investment adviser and investment company have the meaning given such terms under the Investment Advisers Act of 1940 and the Investment Company Act of 1940, respectively. The current information security requirements that institutions must meet are the GLBA Safeguards Rule requirements at 16 C.F.R. Josh Fruhlinger is a writer and editor who lives in Los Angeles. Gramm Privacy of Consumer Financial 1811 et seq.) When it comes to the Privacy Rule, the GLBA makes a distinction between different types of people a company interacts with. 30 Minute Mortgage, Inc., Gregory P. Roth, and Peter W. Stolz, Garrett, Paula L. d/b/a Discreet Data Systems, Guzzetta, Victor L., d/b/a Smart Data Systems, Information Search, Inc., and David J. Kacala (District of Maryland, Northern Division). That said, it isn't just the Citibanks of the world who fall under the watchful eye of regulators thanks to the GLBA. Make sure you're in compliance now; it'll protect both you and your customers. As these descriptions should make clear, getting ready for the GLBA is a big effort, but it will largely overlap with needed cybersecurity measures that any institution should be taking. Short title.
24a) is amended to read as follows: In the case of a national bank which, pursuant to the amendments made by paragraph (1), is no longer authorized to control or be affiliated with a financial subsidiary as of the date of the enactment of this Act, such affiliation shall be terminated as soon as practicable and in any event no later than the end of the 2-year period beginning on such date of enactment. The Comptroller of the Currency, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the Comptroller determines, having due regard for the purposes of this Act, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices and is in the public interest. others, or safeguarding financial assets other than money. L. 111-203, set out as a note under section 552a of Title 5, Government Organization and Employees. Gramm-Leach-Bliley Act by redesignating clauses (ii), (iv), (vi), (viii), and (ix) as clauses (i), (ii), (iii), (iv), and (v), respectively. The appropriate Federal banking agency, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the agency determines, having due regard for the purposes of this subsection and the Return to Prudent Banking Act of 2023, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices and is in the public interest.
Privacy pros zero in on Title V, Subtitle A of the GLBA (15 U.S.C. While all elements of the Safeguards Rule are vital to protecting the security of customer information, an institution or servicer may significantly reduce the risk of a security breach, and the resulting harm and inconvenience to its customers, by encrypting customer information while it is in transit outside its systems or stored on its system and by implementing multi-factor authentication for anyone accessing customer information on its systems. Gramm Leach Bliley Act - Louisiana State University Shreveport 118th CONGRESS. 1828b, 1849) clarify the application of the FTC Act and other FTC statutes to subsidiaries and other affiliates of depository institutions, and provide for certain interagency information sharing. Please note that compliance with the GLBA requirements is not the same as compliance with NIST 800-171. The FTC is one of the primary enforcement arms; it notched a recent settlement with PayPal over violations from the company's Venmo service, for instance. Sometimes classification is easy; the law could be written with the Code in mind, and might specifically amend, extend, or repeal particular chunks of the existing Code, making it no great challenge to figure out how to classify its various parts.
This Electronic Announcement provides a summary of the changes to the GLBA requirements resulting from the Final Rule, explains the impacts of the changes on postsecondary institutions, and describes changes to the Department of Education's (Department) enforcement of the GLBA requirements. Updates to the Gramm-Leach-Bliley Act Cybersecurity 314.4(i)).
78c(a)(5)(C)) is amended. From the perspective of infosec pros, though, the more immediately important aspect of the Pretexting Rule is that it requires financial services institutions themselves to take affirmative steps to prevent pretexting. Why can't these popular names easily be found in the US Code? Gramm-Leach-Bliley Act - International Association of Privacy 1843(c)(8)) is amended by striking "the day before the date of the enactment of the Gramm-Leach-Bliley Act" and inserting "January 1, 1970". Parts 160 and 164, established under the Health Insurance For example, consumers who aren't customers are only entitled to privacy and opt-out notices if an institution makes specific plans to share those consumers' data with third parties; customers have these rights as soon as they establish a customer relationship.