The Gramm-Leach-Bliley Act's (GLBA) Financial Privacy Rule directly addresses this scenario. This rule mandates that financial institutions provide customers with a clear and conspicuous privacy notice that explains what nonpublic personal information (NPI) they collect and with whom they share it. Most importantly, this rule gives customers the right to "opt-out," or direct the institution not to share their NPI with certain nonaffiliated third parties. This opt-out provision is the specific process that allows the customer to control the sharing of their mortgage information for marketing purposes as described in the scenario.

B. Pretexting: This provision makes it illegal to obtain customer information from financial institutions under false pretenses; it does not govern legitimate data sharing.

C. Consumer protection: This is a broad legal concept, not a specific rule within GLBA. The Financial Privacy Rule is the specific provision that provides this particular consumer protection.

D. Safeguards: The Safeguards Rule requires institutions to have a security plan to protect customer data from unauthorized access; it does not address the customer's right to control sharing.

---

1. Federal Trade Commission (FTC). How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act. Section: "The privacy notice" and "The right to opt out." The FTC documentation states, "The privacy notice must explain that you may share the information with nonaffiliated third parties... You must give your consumer a reasonable opportunity to opt out before you share their NPI with nonaffiliated third parties." This directly supports the customer's ability to control information sharing.

Source Document: FTC's official compliance guide for the GLBA Privacy Rule.

2. Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801-6809. Subchapter I—Disclosure of Nonpublic Personal Information, § 6802. Obligations with respect to disclosures of personal information. This section of the law codifies the opt-out requirement, stating that a financial institution may not disclose nonpublic personal information to a nonaffiliated third party unless the institution provides the consumer with a notice and the consumer has not elected to opt out of the disclosure.

3. Litan, R. E. (2000). The Gramm-Leach-Bliley Act: A Boost to Financial Services Competition. Brookings Institution Policy Brief #67. Page 3, Paragraph 2. "The act contains several consumer protection provisions. The most significant of these requires all financial institutions to disclose their privacy policies to their customers and, subject to certain exceptions, to give them the opportunity to 'opt out' of having their confidential personal information shared with non-affiliated third parties."

Source Document: Brookings Policy Brief #67.