What is GLBA Data?
The term “GLBA Data” refers to Nonpublic Personal Information (NPI) collected by financial institutions about their customers, protected under the Gramm-Leach-Bliley Act (GLBA). NPI includes details such as:
- Names;
- Addresses;
- Social Security Numbers (SSNs) or taxpayer IDs;
- Financial account numbers;
- Income;
- Credit histories;
- Transaction histories; and
- Nonpublic financial profiles.
The three (3) main objectives of GLBA 501(b) are to:
- Ensure the security and confidentiality of customer records and information;
- Protect against any anticipated threats or hazards to the security or integrity of such records; and
- Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer.
In addition to the direct providers of financial services, any organization that receives data from those providers must also comply with GLBA requirements. The FTC uses an extremely broad definition of the term "financial institution" for the purposes of GLBA. Under GLBA, almost any organization that works with consumers’ money is considered a financial institution. Some inclusions are obvious (e.g., a bank, credit union or brokerage). However, there are many less obvious inclusions as well. Examples include:
- Preparers of income tax returns;
- Consumer credit reporting agencies and credit counseling services;
- Real estate transaction settlement services; and
- Debt collection agencies.