Privacy of Consumer Financial Information


Effective July 1, 2001, The Gramm-Leach-Bliley Act mandates that financial institutions establish appropriate safeguards to insure the confidentiality of customer records and nonpublic personal information. The law defines a "financial institution" for privacy purposes as "any institution the business of which is engaging in financial activities or activities that are incidental to financial activities as described Section 4(k) of the Bank Holding Company Act of 1956". This would include banks, thrifts, credit unions, broker-dealers, mutual funds, insurance companies and agents, finance companies, mortgage brokers and lenders, notification filers, check cashers, pawnshops, collection agencies, sale of checks, credit repair, and any other non-bank entities offering financial products.

Under the law, each financial institution must have a privacy policy and disclose it to its customers at the time the customer relationship is established, and at least once a year thereafter. Institutions must provide, at least on an annual basis, "clear and conspicuous" notice of their policies and procedures for protecting consumers nonpublic personal information. Institutions also must give customers an opportunity to "opt-out" before disclosing nonpublic information to an unaffiliated third party.

The Gramm-Leach-Bliley Act provided that the Federal Trade Commission (FTC) enforce the privacy provisions of the Act on non-bank affiliated mortgage brokers, and lenders.  In response, the FTC promulgated two rules, Financial Privacy Rule and Safeguards Rule.  Mortgage brokers and lenders should review these rule and ensure that they have proper policies and procedures in place to provide required disclosures to consumers and to ensure that the personal information of consumers remains secure and confidential.  Links to these rules can be found below:

Financial Privacy Rule

Safeguards Rule


Last updated July 20, 2007