Do The Privacy Notice Requirements Of The Gramm-Leach-Bliley (GLB) Act Apply To Your Company?
The short answer is YES, if you are considered a “financial institution” under the Gramm-Leach-Bliley Act of 2000 (GLB). Such institutions are required to send GLB-compliant privacy policies to their customers initially and once a year thereafter.
Under GLB, a “financial institution” includes traditional institutions such as banks, credit unions, and securities brokers. It also covers other entities such as real estate appraisers, insurance companies, automobile leasing companies, companies that operate as travel agencies in connection with financial services, and retailers that issue their own credit cards directly to consumers.
If your company is considered a “financial institution” as defined above, then you need to send your customers an initial – and then annual – notice regarding your company’s policies. In your notice, you must explain how you collect and share information, and provide a way for customers to opt out of such information exchanges. Specifically, you must include: