What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?

What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?
A . Conduct annual consumer surveys regarding satisfaction with user preferences
B . Process requests for changes to user preferences within a designated time frame
C . Provide consumers with the opportunity to opt out of receiving telemarketing phone calls
D . Offer an Opt-Out before transferring PI to an unaffiliated third party for the latter’s own use

View Answer

Answer: D

Explanation:

The Gramm-Leach-Bliley Act (GLBA) is a federal law that regulates the privacy and security of consumer financial information collected, used, and disclosed by financial institutions, such as banks, credit unions, securities firms, insurance companies, and others12. Under the GLBA, financial institutions must comply with two main rules: the Privacy Rule and the Safeguards Rule12. The Privacy Rule requires financial institutions to provide notice to their customers about their information-sharing practices and to obtain verifiable parental consent before collecting, using, or disclosing personal information from children12. The Privacy Rule also gives customers the right to opt out of having their personal information shared with certain nonaffiliated third parties, unless an exception applies12. The Safeguards Rule requires financial institutions to develop, implement, and maintain a comprehensive information security program that protects the confidentiality, security, and integrity of customer information12.

Therefore, banks and other financial institutions are required to offer an opt-out before transferring personal information (PI) to an unaffiliated third party for the latter’s own use, unless an exception applies, such as when the disclosure is necessary to complete a transaction requested or authorized by the customer, or when the disclosure is to a service provider or joint marketer that agrees to protect the information and use it only for the purposes for which it was disclosed12. This requirement is intended to give customers more control over how their personal information is used and shared by financial institutions and to protect their privacy rights12.

Reference: 1: Gramm-Leach-Bliley Act | Federal Trade Commission, 1. 2: How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act | Federal Trade Commission, 2.