Gramm Leach Bliley Act

Under GLB, a “financial institution” includes traditional institutions such as banks, credit unions, and securities brokers. It also covers other entities such as real estate appraisers, insurance companies, automobile leasing companies, companies that operate as travel agencies in connection with financial services, and retailers that issue their own credit cards directly to consumers.

If your company is considered a “financial institution” as defined above, then you need to send your customers an initial – and then annual – notice regarding your company’s policies. In your notice, you must explain how you collect and share information, and provide a way for customers to opt-out of such information exchanges. Specifically, you must include:

• Types of information your company collects;
• Types of information your company shares;
• Types of affiliates, non-affiliates and joint marketers with whom your company shares information; [Note: You need not offer an opt-out for information shared with affiliates, joint marketers, and non-affiliates that are performing functions on your company’s behalf. However, you must still describe your information-sharing practices.]
• How a customer can opt-out of information exchanges as well a method for doing so. You must also include a means for opting out of information exchanges among affiliates as required by the Fair Credit Reporting Act (FCRA);
• Assurance that information policies and practices are in place for security and confidentiality of data; and
• Description of the types of information your company discloses about former customers and to whom you disclose such information.

Data & Marketing Association
Corporate & Social Responsibility (CSR) Department and Government Affairs
225 Reinekers Lane
Suite 325
Alexandria, VA 22314
ethics@thedma.org
advocacy@thedma.org