The Gramm-Leach-Bliley Act is the federal law that offers protection of personal information with third parties. The Act requires a financial institution to protect the confidentiality and security of information it collects about individuals. Each institution has to provide its customers with a privacy notice which describes how they protect and share the information. They also have to offer the option to opt out to customers who do not want their information shared.

What type of information is protected?

The law protects information that is classified as “nonpublic, personal information.” Some examples of NPI includes:

  • Individual information like address, name, phone number and financial information
  • The fact that an individual either is, or has been a customer at the institution
  • Payment history, cash values, claim history
  • Any other type of information about a person that could be provided during the use of a product or service

Some of this information is available from a public source such as a phone book, but it is still considered to be protected because it pertains to customers.

Whose information is considered to be protected?

The law provides protection for both customers and consumers. A consumer is an individual who performs a solitary financial transaction with the institution but does not necessarily continue to use the institution’s services. A customer is an individual who continues to have an ongoing relationship with the institution. For example, an insurance company has an ongoing relationship with a client who continues to be covered by their insurance. Holding an account at a bank is another example of an ongoing relationship between an institution and an individual. Both consumers and customers are considered to be protected and their information is to be protected from disclosure to third parties.