The Gramm-Leach-Bliley Act (GLB) is a federal law that allowed financial institutions (banks/credit unions, credit card issuers, payday loan companies, mortgage brokers, insurance companies, investment companies and investment advisors) to combine more easily and gain more access to your personal information. It also provides you with some privacy rights when you're a customer of a financial institution.
Receive a Privacy Notice
GLB requires your financial institution to provide you with a privacy notice explaining
- the kinds of information your financial institution collects about you and how it uses that information
- how you can prevent the sharing of your customer data with third parties (opt out)
- how your financial institution safeguards your confidential financial information
Most financial institutions use a model privacy notice. The notice is a two-page form designed to allow you to compare the privacy practices of different financial institutions.
Opt Out of Some Information Sharing
GLB gives you the right to opt out of having your personal information shared with companies that aren't owned or controlled by the financial institution with which you do business (third-party nonaffiliated companies).
Your rights under GLB only apply to your nonpublic personal information (NPI)—personally identifiable financial information that a financial institution collects about you in connection with providing a financial product or service (unless that information is otherwise publicly available)—including
- personal information you give to get a financial product or service (income or Social Security number)
- transaction information (account numbers, payment history, loan or deposit balances, credit or debit card purchases)
- information from credit reports
Even if you opt out, a financial institution can still share your NPI with its affiliates. However, you have the right to prevent a company from sharing information about your creditworthiness (i.e. amount and source of your income, debt level and history of paying bills on time) with affiliates.
You don’t have the right to opt out of your financial institution sharing NPI with service providers (companies that contract with your bank to service your account) or joint marketers (companies that partner with your financial institution for the purpose of marketing financial products or services).
Complain About Violations
If you don’t get
- a privacy notice
- the ability to opt out (or your opt-out instructions aren’t followed)
You can complain to the Consumer Financial Protection Bureau. They'll investigate the matter and you’ll receive a response to your complaint.