The GLBA also created provisions protecting the financial information of consumers held by financial institutions. The law's privacy protection provisions have three principal parts:
Financial Privacy Rule. Governs the collection and disclosure of customers' personal financial information by financial institutions. Applies to companies, including financial institutions, that receive this information. Under this rule, recipients of consumer information must furnish to their customers a privacy notice explaining how customer information is shared, used, and protected. On November 17, 2009, eight federal agencies, including the FDIC, the SEC, and the FTC, released a model privacy notice that will make it easier for consumers to understand how their information is collected (see Federal Regulators Issue Final Model Privacy Notice Form).
Safeguards Rule. Requires the design, implementation, and maintenance of systems to safeguard customers' financial information. Applies to financial institutions and companies, such as credit rating agencies, that receive customer information.
Pretexting provisions. Protects consumers from companies and individuals that obtain their financial information under false pretenses.