Gramm-Leach-Bliley Act Overview
The Gramm-Leach-Bliley Act (commonly called GLB or GLBA) is also known as the Financial Modernization Act of 1999. The GLB Act includes provisions to protect all consumers’ personal financial information held by financial institutions.
How are Email and Instant Message Records Involved?
Since personal financial information can be, and quite often is, transmitted by
and retained in electronic formats, it is important to ensure that the
management of such records complies with GLB.
What Organizations are Impacted?
The Gramm-Leach-Bliley Act applies to "financial institutions" which are
defined as businesses that offer financial products or services to individuals.
Financial institutions as defined by GLB include the following:
- Banks
- Securities firms
- Insurance companies
In addition to the "financial institutions" listed above, the following
"businesses" that provide financial products and services to consumers must also
adhere to GLB. Enforcement of the GLB regulations falls under the
jurisdiction of the FTC (Federal Trade Commission).
These institutions include, but are not limited to, the following:
- state-registered investment advisors
- professional tax preparers
- auto dealers engaged in financing or leasing
- electronic funds transfer networks
- mortgage brokers
- credit counselors
- real estate settlement companies
- retailers that issue credit cards to consumers
- consumer debt-collecting firms
- payday lenders and check-cashing businesses
Violation of GLBA may result in a civil action brought by the U.S. Attorney
General. Penalties for the financial institution can be up to
$100,000 for each violation. In addition, “the officers and directors of the
financial institution shall be subject to, and shall be personally liable for, a
civil penalty of not more than $10,000 for each such violation”. Criminal
penalties may include up to 5 years in prison.
What are the Requirements of Gramm-Leach-Bliley?
The provisions include the following:
Financial Privacy Rule
This rule requires that financial institutions provide consumers with privacy
notices describing how they use and disclose consumers’ personal information.
The notices must be provided to customers at the time the consumer relationship
is established and annually thereafter. The notice must also let consumers know
about their right to “opt-out” of having their information shared with
unaffiliated parties. The unaffiliated parties receiving the nonpublic
information are held to the same acceptance terms of the consumer as under the
original relationship agreement.
Safeguards Rule
This rule requires financial institutions to have reasonable policies and
procedures to ensure the security and confidentiality of customer information
(for both current and former customers). The plan must include designating at least
one employee to manage the safeguards, doing a risk analysis on current
processes, developing and monitoring a program to secure the information, and
making adjustments to the security plan as needed.
Pretexting Protection
Pretexting occurs when someone tries to gain access to personal information
without the proper authority to do so. The financial institution must take all
precautions necessary to protect and defend the consumer and associated
nonpublic information.
Retention Requirements
The Gramm-Leach-Bliley Act requires each entity under its jurisdiction to have
an electronic data (electronic messages) retention policy that archives the
electronic data in an encrypted format to WORM (write once read many) media.
Data retention time periods can vary based upon other state and federal
regulations that have defined regulatory retention periods.
To learn how Erado's on-demand electronic message archive, supervisory,
discovery, and compliance solutions ensure that the electronic records
retention requirements are met for financial institutions that need to comply
with the Gramm-Leach-Bliley Act (commonly called GLB, GLBA, or the
Financial Modernization Act of 1999), please contact us at 866-67ERADO
(866-673-7236).

