
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a US federal law that allows different types of financial institutions, including banks, insurance companies, and securities firms, to merge. The GLBA's Financial Privacy Rule differentiates between consumers and customers: companies must notify their customers about their privacy practices, and must notify consumers if their information is shared in certain ways. The GLBA also includes a prohibition on discrimination against victims of domestic violence in the sale of accident, health, or life insurance through a bank or on bank premises.
| Characteristics | Values |
|---|---|
| Year of enactment | 1999 |
| Purpose | Liberalization of financial firms and markets |
| Applicability | Financial institutions (banks, securities firms, insurance companies) |
| Privacy | Required for non-public personal information (NPI) |
| Exemptions | Companies or individuals obtaining products for business, commercial, or agricultural purposes |
| Compliance | Required for companies offering financial products or services |
| State Law | Not preempted by GLBA if greater privacy protection is provided |
| Consumer protections | Broad protections relating to privacy |
| Prohibitions | Discrimination against victims of domestic violence in the sale of accident, health, or life insurance |
| Functional Regulation | Applicable to financial holding company groups |
| Grandfathering | Provided for insurance companies approved as thrift holding companies before May 4, 1999 |

GLBA's privacy stipulations
The GLBA's privacy stipulations are designed to protect customers' personal information and ensure that financial institutions are transparent about their data practices.
The GLBA requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. This includes implementing administrative, technical, and physical safeguards to protect customer information. The GLBA defines financial institutions broadly to include any company that offers financial products or services, such as loans, financial or investment advice, or insurance.
The GLBA's privacy stipulations apply to "covered entities," which include any individual or entity that receives authorization from the Department, including those described by §82.002 of the Texas Insurance Code. The rules do not apply to information about companies or individuals who obtain products or services for business, commercial, or agricultural purposes. Covered entities are required to provide notice of their privacy policies and to describe the conditions under which they may disclose individuals' nonpublic personal financial information to non-affiliated third parties.
Nonpublic personal financial information (NPI) is defined as personally identifiable financial information about an individual that is not publicly available. The GLBA imposes restrictions on the use and disclosure of NPI by financial institutions, including insurance companies. For example, insurance companies must have agreements with recipients of NPI that restrict the usage of the information to what is necessary to carry out the services requested by the consumer.
The GLBA is enforced under state insurance law by state insurance authorities. However, the GLBA does not preempt state laws that provide greater privacy protection, and some states have statutes that go beyond the GLBA. Additionally, the GLBA applies to most, if not all, insurance agents and brokers, who must be aware of their legal responsibilities when handling customer information.

Non-public personal information
The Gramm-Leach-Bliley Act (GLBA) requires state insurance authorities to adopt requirements regarding the privacy and disclosure of nonpublic personal financial information applicable to the insurance industry. Nonpublic personal information (NPI) is any "personally identifiable financial information" that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise "publicly available". Nonpublic personal financial information includes personally identifiable financial information about an individual, as well as lists, descriptions, or other groupings of individuals that are derived using personally identifiable financial information that is not publicly available.
NPI obtained from an application or a third party, such as a consumer reporting agency, is considered nonpublic personal information. Examples of NPI include an individual's name, address, and phone number; Social Security number; account information; and account balances. NPI may also include information that an entity obtains from an individual's application or information collected as a result of certain transactions, such as claims submissions or other service requests.
The rules regarding NPI apply to "covered entities," which include any individual or entity that receives authorization from the Department, including those entities described by §82.002 of the Texas Insurance Code. The rules do not apply to information about companies or about individuals who obtain products or services for business, commercial, or agricultural purposes. Some covered entities may be exempt from the rules' requirements in certain circumstances.
Under the GLBA, affiliated parties are permitted to share nonpublic personal financial information with one another without the permission of the individual about whom the information was collected. Federal law allows banking, securities, and insurance companies to merge with one another to engage in new business activities outside their traditional areas of business. For example, an insurance company may offer banking products such as loans and credit cards in addition to its traditional insurance products by affiliating with a bank.
The GLBA requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. Financial institutions must give their customers a "clear and conspicuous" written notice describing their privacy policies and practices. Customers must also be informed of their right to "opt out" if they do not want their information shared.

Anti-discrimination provisions
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, repealed part of the Glass-Steagall Act of 1933, removing barriers in the market among banking companies, securities companies, and insurance companies. The GLBA allows commercial banks, investment banks, securities firms, and insurance companies to consolidate.
The Act also includes a prohibition on discrimination against victims of domestic violence in the sale of accident and health or life insurance through a bank or on bank premises. This provision raises the possibility of a duty on the part of an insurer or agent to investigate whether an applicant's medical history is a result of domestic violence.
The Act establishes certain principles of "functional regulation" applicable to operations involving affiliations among banking, insurance, and securities firms. It imposes broad new consumer protections relating to privacy. The GLBA requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information against cyberattacks, email spoofing, phishing schemes, and similar cybersecurity risks. Ongoing employee training is emphasized as a critical strategy to counter pretexting threats.
The GLBA requires all state insurance authorities to adopt standards relating to the privacy and disclosure of nonpublic personal financial information applicable to the insurance industry. Nonpublic personal financial information includes personally identifiable financial information about an individual, as well as lists, descriptions, or other groupings of individuals that are derived using personally identifiable financial information that is not publicly available. The rules require covered entities to provide certain individuals with notice of their privacy policies and to describe the conditions under which the covered entity may disclose the individual's nonpublic personal financial information to non-affiliated third parties.

Functional regulation
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a US federal law that allows different types of financial institutions, including banks, securities firms, and insurance companies, to merge. The GLBA's original purpose was to remove established restrictions on affiliations among these financial institutions. This liberalization sought to make financial firms and markets more efficient, but it also meant that data would be shared between entities and affiliates in ways that had not been previously contemplated.
The GLBA establishes certain principles of "functional regulation" applicable to such operations. It devotes significant attention to establishing a system of functional regulation for financial holding company groups and addressing the balance of power between state insurance regulators and federal bank regulators. A holding company system that includes a bank, as defined by the Bank Holding Company Act, is subject to supervision and regulation by the Board of Governors of the Federal Reserve System (the Fed).
The GLBA's Financial Privacy Rule differentiates between consumers and customers. It requires companies to notify their customers about their privacy practices and, if the companies share consumers' information in certain ways, to notify those consumers as well. A consumer is defined as an individual who obtains a financial product or service from a financial institution for personal use. The Financial Privacy Rule only applies to individuals, excluding commercial clients. Customers are a subset of consumers who have a continuing relationship with a financial institution, such as individuals with open bank accounts, signed leases, or insurance policies.
The GLBA imposes numerous general restrictions on the use and disclosure of nonpublic personal information (NPI) by financial institutions. NPI includes personally identifiable financial information provided by a consumer to a financial institution, resulting from any transaction or service performed for the consumer, or otherwise obtained by the financial institution. The GLBA requires financial institutions, including insurance companies, to explain their information-sharing practices to their customers and safeguard sensitive data.
The GLBA is enforced under state insurance law by state insurance authorities. It does not preempt state laws that provide greater privacy protection, and several states have statutes that go beyond the GLBA. While the GLBA applies to most insurance agents and brokers, it is important to note that state laws may also impose additional data privacy requirements that must be considered when handling customer information.

State insurance law
The Gramm-Leach-Bliley Act (GLBA) is a US federal law enacted in 1999 to remove established restrictions on affiliations among financial institutions, including banks, securities firms, and insurance companies. This liberalization sought to make financial firms and markets more efficient, but it also meant that data would be shared between entities and affiliates in ways that had not been previously contemplated.
The GLBA is enforced under state insurance law, i.e., by state insurance authorities. The GLBA does not preempt state law that gives greater privacy protection, and several states have statutes that go beyond the GLBA. For example, in Texas, the 77th Texas Legislature enacted SB 712, which requires the Commissioner of Insurance to adopt rules consistent with the federal requirements of GLBA.
The GLBA applies to most, if not all, insurance agents and brokers. It requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. This includes companies that offer consumers financial products or services like loans, financial or investment advice, or insurance. The GLBA imposes numerous general restrictions on the use and disclosure of nonpublic personal information (NPI) by financial institutions. NPI is defined as "personally identifiable financial information provided by a consumer to a financial institution, resulting from any transaction with the consumer, or otherwise obtained by the financial institution."
The GLBA also includes a prohibition on discrimination against victims of domestic violence in the sale of accident and health or life insurance through a bank or on bank premises. It raises the possibility of a duty on the part of an insurer or agent to investigate whether an applicant's medical history is a result of domestic violence.
Frequently asked questions
The GLBA is a US federal law enacted in 1999 to allow different types of financial institutions, including banks, securities firms, and insurance companies, to merge.
The GLBA requires insurance companies to explain their information-sharing practices to their customers and to safeguard sensitive data. It also limits the disclosure and use of customer information.
Nonpublic personal financial information includes personally identifiable financial information about an individual, such as their bank account or credit card numbers. It also includes lists, descriptions, or other groupings of individuals derived using this information.
The GLBA is enforced under state insurance law, but it does not preempt state law that gives greater privacy protection. Several states, like California, have statutes that go beyond the GLBA.
Non-compliance with the GLBA can result in legal consequences, including fines and lawsuits. Insurance agents and brokers who fail to protect their customers' personal information may also face reputational damage and a loss of trust from their clients.







