Skip to main content

Financial Privacy: Status of State Actions on Gramm-Leach-Bliley Act's Privacy Provisions

GAO-02-361 Published: Apr 12, 2002. Publicly Released: May 16, 2002.
Jump To:
Skip to Highlights


Subtitle A of Title V of the Gramm-Leach-Bliley Act (GLBA) of 1999 requires that each financial institution, which is defined to include most insurance providers or companies, has "an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information." This prohibits the disclosure of consumers' nonpublic personal information to any entity that is not an affiliate of, or related by common ownership or control, to the institution unless the consumer is given an opportunity to opt out of such disclosure. Also, financial institutions must provide consumers with privacy notices that explain the institution's policies and practices for disclosure. Subtitle A calls upon federal regulators to (1) issue regulations implementing disclosure-related requirements and (2) establish standards for safeguarding the privacy and integrity of customer information and records. The act also requires state insurance authorities to enforce its provisions by adopting regulations for both information disclosure and information safeguards. As of March 2002, all of the states and the District of Columbia have acted to ensure that insurance companies under their jurisdiction meet Subtitle A's disclosure and notice requirements. In addition, some states have included or retained provisions in their regulations or laws that they believe provide greater protections or more restrictive requirements than those contained in Subtitle A. Only New York has established standards for protecting the security and confidentiality of insurance customer information as of March 2002. Another state, California, has issued proposed regulations establishing such standards. In contrast, as of March 2002, the federal regulators charged with implementing Subtitle A--with the exception of the Federal Trade Commission--have issued their final standards. FTC has received comments on proposed standards and is developing its final rule.

Full Report

Office of Public Affairs


Disclosure lawstate relationsFinancial institutionsInformation disclosureInsurance companiesInsurance regulationLaw enforcementPrivacy lawRight of privacyInformation security regulations