Gramm-Leach-Bliley Act Overview

Questions and Answers

What does the Gramm-Leach-Bliley Act (GLBA) primarily govern?

• The sale of financial products to consumers
• The assessment of interest rates by lenders
• The length of mortgage loans
• The treatment of nonpublic personal information by financial institutions (correct)

Which entity holds rulemaking and enforcement authority over residential mortgage lenders under the GLBA?

• Consumer Financial Protection Bureau (CFPB) (correct)
• Federal Reserve
• Securities and Exchange Commission (SEC)
• Department of Justice (DOJ)

What must occur before a financial institution can disclose nonpublic personal information to nonaffiliated third parties?

• There must be a court order permitting the disclosure
• The consumer must provide written documentation
• The consumer's consent through verbal agreement
• The institution must provide notice and allow the consumer to opt-out (correct)

Which of the following is considered nonpublic personal information?

A consumer's Social Security number (C)

Which situation allows a financial institution to disclose nonpublic personal information without complying with disclosure requirements?

It is necessary for a transaction that the consumer requests or authorizes (D)

Under what condition can a financial institution share nonpublic personal information with third parties?

If the third party is contracted to perform services on behalf of the institution and is prohibited from further disclosure (B)

What type of information is classified as public information?

Federal, state, or local government records accessible to the public (B)

What is the primary purpose of a financial institution notifying consumers of its privacy policies?

To inform consumers of their rights and opt-out possibilities (A)

What distinguishes a consumer from a customer in financial terminology?

A consumer is an individual who uses services; a customer has ongoing services. (A)

Which of the following is NOT a requirement for financial institutions when providing notice of privacy policies?

Should only contain the types of information collected. (A)

What is one of the primary purposes of the National Do-Not-Call Registry?

To stop unwanted sales calls. (B)

Which statement about the Safeguards Rule under GLBA is true?

It mandates the development of an information security program to protect consumer information. (A)

When are sales calls permitted according to the rules established by the FTC?

From 8:00 AM to 9:00 PM, regardless of registration. (A)

What are financial institutions not permitted to do with consumer account numbers?

Disclose them for marketing purposes without consent. (C)

Which type of calls is exempt from Do-Not-Call restrictions?

Political calls. (A)

What must financial institutions do concerning redisclosure of nonpublic personal information?

They must follow redisclosure and reuse limitations. (D)

What is required in the opt-out notice provided under the FCRA?

Methods for opting out of affiliate information sharing. (D)

What financial institutions are required to do regarding their security programs?

Have a written security program addressing specific threats. (A)

Flashcards

GLBA

Governs how financial institutions handle customer's private information.

Nonpublic personal information

Private data not available publicly; includes info customers give to financial institutions (e.g., SSN, income).

Public information

Easily accessible data available to everyone; found in public records, phone books, etc.

Opt-out

Customer's choice to prevent disclosure of their private information to third parties.

Notice and opt-out requirements

Financial institutions must inform customers about their privacy policies and let customers decide if they want their personal data shared with others.

Financial Institution

Companies (like banks, credit companies) handling money or financial services.

Third party

A person or company that isn't directly part of the original financial transaction.

CFPB

Regulates residential mortgage lenders, part of the GLBA.

Short Form Notice

A condensed privacy notice for consumers who aren't also customers, providing a way to access the full notice.

Customer Relationship

A continued interaction between a financial institution and a consumer, with ongoing services provided.

Privacy Policy Disclosure

Financial institutions must inform consumers and customers about their privacy practices, including how they handle personal information.

What is a 'consumer'?

An individual who received or is receiving financial products or services from a financial institution.

Opt-out Right

Consumers have the right to choose not to have their nonpublic personal information disclosed to unaffiliated third parties.

Safeguards Rule

Financial institutions must have a strong information security program to protect customer data from unauthorized access.

Nonaffiliated Third Party

A company or individual not related to the financial institution, potentially sharing your data.

National Do-Not-Call Registry

A tool to stop unwanted telemarketing calls, allowing consumers to register their phone numbers.

Robocall

An automated call, illegal without direct written consent from consumers.

Legal Exceptions to Do-Not-Call

Certain calls are allowed even if a number is registered, including political, charity, debt collection, information calls, and surveys.

Study Notes

Gramm-Leach-Bliley Act (GLBA)

• GLBA regulates how financial institutions handle consumer nonpublic personal information.
• The Consumer Financial Protection Bureau (CFPB) enforces GLBA for residential mortgage lenders.

Nonpublic vs. Public Information

• Nonpublic information: Information not publicly available – provided by consumers to financial institutions to get products/services, obtained during transactions. Examples: names, addresses, social security numbers, credit scores.
• Public information: Information available to the public; examples include government records, telephone books, newspapers, websites.

Disclosure Rules

• Financial institutions must provide notice of privacy practices and allow opt-out choices for sharing nonpublic consumer info with non-affiliated third parties, unless exceptions apply.
• Exceptions include: services for the institution (marketing, joint products), necessary for requested/authorized transactions (account statements, credit audits), normal business conduct (fraud prevention, legal compliance), and disclosures to attorneys, accountants, auditors.

Notice Requirements

• Clear and conspicuous notice in writing or electronically (with consumer consent).
• Must include: types of data collected and disclosed, types of third parties, policies about former customer data, third-party service provider details, opt-out rights and methods, security policies, disclosures of info for everyday business.

Consumer vs. Customer

• Consumer: obtains or has obtained a financial product or service.
• Customer: consumer with an ongoing relationship receiving services.
• Short-form notice permitted for consumers who are not customers.

Safeguards Rule

• GLBA requires financial institutions to have an information security program protecting customer data.

National Do-Not-Call Registry

• Maintained by Federal Trade Commission (FTC) under the Telephone Consumer Protection Act.
• Purpose: Stop unwanted sales calls.
• Consumers can register phone numbers for free.
• Telemarketers must review lists monthly and remove registered numbers.

Do-Not-Call Rules & Exceptions

• Allowed calls even with registration: political, charitable, debt collection, informational, surveys (no sales).
• Sales calls: 8:00 AM to 9:00 PM.
• Robocalls: Illegal unless consumer provides written permission.
• Penalties for violating the registry: up to $43,792 per call.
• Record-keeping compliance required for telemarketers.

Description

This quiz covers the key aspects of the Gramm-Leach-Bliley Act (GLBA), including regulations on how financial institutions manage consumer nonpublic personal information. It also delves into the distinction between public and nonpublic information and the disclosure rules that institutions must follow. Test your knowledge on consumer privacy regulations in the financial sector!