White Papers provided by the SAS 70 Resource Guide
Privacy and Information Disclosure Provisions within GLBA
Organizations that offer financial products or services to consumers must meet certain regulatory compliance guidelines relating to privacy notices and information disclosure practices regarding consumers' information. Specifically, these financial institutions, such as banks and securities firms, to name a few, must make these disclosures to their customers and to consumers as well. What's important to note is that a host of "financial institutions" that do not fall under the purview of governmental regulatory enforcement agencies, such as the Securities and Exchange Commission (SEC) or other federal and state agencies, are under the watchful eye of the Federal Trade Commission (FTC). Thus, entities "significantly engaged" in tax preparation, debt collection, mortgage settlements, and other financial activities must meet GLBA privacy requirements for customers and consumers.
The terms "customers" and "consumers" are important to note because the GLBA privacy rules distinguish between them. "Customers" are automatically entitled by law to receive a financial institution's privacy notice, while "consumers", with some exceptions, only receive privacy notices if their information is shared with another entity that is not affiliated with the original financial institution.
Privacy Notice and Opt Out Rights
GLBA requires that a financial institution's privacy practices be clear and concise and detail specifically what information is collected, with whom it is shared, and what safeguards are enacted for protecting the information of "customers" and "consumers". GLBA allows for an "Opt Out Rights" provision, whereby customers and consumers can "opt out", so that their information is not given to or shared with external third-party entities. However, "opt out" rights are not universal, as GLBA allows for sharing of information in various circumstances, such as outsourcing to a third party that provides critical services for a particular financial institution, and other notable exceptions.
