Gramm-Leach-Bliley Act

Law:

Pub. L. No. 106-102, 113 Stat. 1338, codified in relevant part primarily at 15 U.S.C. §§ 6801-6809, §§ 6821-6827

Title V, subtitle A, of this Act (15 U.S.C. § 6801 et seq.) requires the FTC, along with the Federal banking agencies and other regulators, to issue regulations ensuring that financial institutions protect the privacy of consumers' personal financial information. Such institutions must develop and give notice of their privacy policies to their own customers at least annually (except where exempted under section 75001 of the Fixing America's Surface Transportation Act (FAST Act), Pub. L. No. 114–94, 129 Stat. 1787, codified at 15 U.S.C. 6803(f)), and before disclosing any consumer's personal financial information to an unaffiliated third party, and must give notice and an opportunity for that consumer to "opt out" from such disclosure. Under the Dodd-Frank Act, this rulemaking authority transferred to the Bureau of Consumer Financial Protection (except with respect to certain motor vehicle dealers), but the FTC continues to have enforcement authority. Subtitle A also requires the FTC and other agencies to issue regulations for the safeguarding of personal financial information; this authority did not transfer. The Act also limits the sharing of account number information for marketing purposes.

Subtitle B of Title V (15 U.S.C. § 6821 et seq.) prohibits obtaining customer information of a financial institution by false pretenses. The FTC enforces these provisions with regard to entities not specifically assigned by the provision to the Federal banking agencies or other regulators. Also, Sections 131-133 of the Act (15 U.S.C. §§ 41 note; 12 U.S.C. §§ 1828b, 1849) clarify the application of the FTC Act and other FTC statutes to subsidiaries and other affiliates of depository institutions, and provide for certain interagency information sharing.