Gramm-Leach Bliley Act (GLBA)


Protecting the privacy of consumer information held by financial institutions is at the heart of the Gramm-Leach-Bliley Act (GLBA) of 1999. The GLBA provides limited privacy protections against the sale of private financial information. Additionally, the GLBA organized protections against pretexting, the practice of obtaining personal information through false pretenses. It also ended regulations that prevented the merger of banks, stock brokerage companies and insurance companies.

Financial Services Industry Impact

The GLBA applies to financial institutions – companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance. Under the Financial Privacy Rule, these financial institutions must comply with three simple requirements: they must securely store personal financial information; they must advise individuals on their sharing policies; and they must give individuals the option to opt-out. In addition, the Safeguard Rule requires a written information security plan.  In order to comply many financial institutions are investing in technologies that enable them to:

  • Efficiently distribute consumer privacy notifications and opt-out options quickly and easily.
  • Electronically control and protect sensitive information in a secure ECM system.
  • Establish security protocols to prevent fines and save money.

“Today’s interpretation of GLBA calls for controls on customer data, the strength of which are proportional to the sensitivity of the information being stored. What this means is that your data security goes well beyond your storage device alone and, in fact, encompasses a company’s policies and procedures as well as the hardware that maintains the storage infrastructure.”

–, 10 things you should know about the Gramm-Leach-Bliley Act

ECMNOW! Enables GLBA Compliance

Enterprise Content Management (ECM) provides companies with controls and system security that enable compliance. Many financial services companies invest in ECMNOW! to address GLBA privacy and security regulations. ECMNOW! makes it easy to enhance efficiency, gain control and save money.

Distribute Information Efficiently

Under the Financial Privacy Rule, financial institutions are required to provide each customer with a privacy notice that explains what information is collected and how it is shared, used and protected. ECMNOW! allows efficient document distribution and provides a secure means for sharing policies.

  • Share an unlimited number of privacy notices with customers through document disclosures.
  • Allow secure, temporary, web-based access to documents for customers who prefer to receive information electronically.
  • Allow customers to electronically opt-out.

Protect Sensitive Information and Control Security

GLBA provisions require financial institutions to protect information from unauthorized access or any anticipated threats or hazards to security that could result in malicious use of the information. ECMNOW!  provides tools to proactively guard against attacks and to control security settings.

  • Verify security access rights for every information request.
  • Track all user activity, including attempts at accessing protected records without security clearance.
  • Ensure all documents are secure, at rest and when transmitted using document encryption.

Save Money by Establishing Security Procedures

The Safeguards Rule mandates financial institutions review how they manage personal information and analyze systems and policies. A written information security plan must describe how they maintain customer confidentiality in order to avoid penalty fines. ECMNOW! provides extensive security features, reducing time, energy and money spent trying to establish such plans.

  • Implement easy-to-use cloud ECM technology to improve security without a costly capital investment.
  • Reduce the cost of records management and storage by converting paper documents to digital files.
  • Avoid costly fines through automatic electronic systems and processes that ensure security procedures are followed.

Click Here to Download This Brief