The Gramm-Leach-Bliley Act (GLBA) is a federal law that regulates the privacy and security of
consumer financial information collected, used, and disclosed by financial institutions, such as banks,
credit unions, securities firms, insurance companies, and others [1][2]. Under the GLBA, financial
institutions must comply with two main rules: the Privacy Rule and the Safeguards Rule [1][2]. The
Privacy Rule requires financial institutions to provide notice to their customers about their
information-sharing practices and to obtain verifiable parental consent before collecting, using, or
disclosing personal information from children [1][2]. The Privacy Rule also gives customers the right to
opt out of having their personal information shared with certain nonaffiliated third parties, unless an
exception applies [1][2]. The Safeguards Rule requires financial institutions to develop, implement, and
maintain a comprehensive information security program that protects the confidentiality, security,
and integrity of customer information [1][2].
Therefore, banks and other financial institutions are required to offer an opt-out before transferring
personal information (PI) to an unaffiliated third party for the latter’s own use, unless an exception
applies, such as when the disclosure is necessary to complete a transaction requested or authorized
by the customer, or when the disclosure is to a service provider or joint marketer that agrees to
protect the information and use it only for the purposes for which it was disclosed [1][2]. This
requirement is intended to give customers more control over how their personal information is used
and shared by financial institutions and to protect their privacy rights [1][2].
References:
[1] Gramm-Leach-Bliley Act | Federal Trade Commission.
[2] How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act | Federal Trade Commission.