The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. More detailed information is available from the Federal Trade Commission.
GLBA compliance applies to financial institutions, or any business offering financial products and services to individuals. This includes loans, debt collection, financial advice, investment advice, or insurance. The FTC considers a wide range of organizations to be financial institutions for the purposes of GLBA compliance. These include:
ATM operators | Banks | Car Rental Companies | Check-cashing Businesses |
Consumer Credit Reporting Agencies | Credit Counseling Services | Courier Services | Credit Card Companies |
Credit Reporting Agencies | Credit Unions | Debt Collection Agencies | Educational Institutions* |
Financial Advisory Firms | Hedge Funds | Insurance Advisors | Loan Brokers |
Mortgage Brokers | Mortgage Lenders | Non-Bank Lenders | Non-Bank Mortgage Lenders |
Property Appraisers | Real Estate Firms | Real Estate Settlement Service Providers | Investment Advisers |
Stockbrokers | Tax Preparation Services |
Additionally, an organization that receives data from financial institutions must also adhere to GLBA compliance requirements. Financial institutions are responsible for ensuring that these organizations implement safeguards to protect the non-public customer information in their care.
Failure to meet GLBA compliance requirements can result in fines and time in prison. GLBA compliance violations carry penalties not just for financial institutions, but also for individuals. Financial institutions that intentionally disregard GLBA compliance requirements, along with their owners and directors, can face criminal prosecution in a federal district court with criminal fines and imprisonment.