Gramm-Leach-Bliley Financial Services Modernization Act of 1999

This was signed on November 11, 1999, as Public Law 106-102 (113 Stat. 1338).

Title 15, Chapter 94, Subchapter I, Sec. 6801

Sec. 6801. - Protection of nonpublic personal information

(a) Privacy obligation policy

It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.

(b) Financial institutions safeguards

In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards -

A number of federal and state agencies are involved in enforcing this act:

1. Federal banking agencies (i.e., Board of Governors of the Federal Reserve System; Comptroller of the Currency, FDIC, Office of Thrift Supervision and others)
2. National Credit Union Administration
3. Secretary of the Treasury
4. Securities and Exchange Commission
5. Federal Trade Commission (FTC)
6. National Association of Insurance Commissioners

The FTC and the Agencies did express their intention to work with Department of Health and Human Services to avoid the imposition of duplicative or inconsistent regulations. In response to comments from colleges and universities that they be excluded from the term financial institution, the FTC stated that many, if not all, such institutions appear to be significantly engaged in lending funds to consumers. However, taking account of the privacy protections offered by the Federal Educational Rights and Privacy Act ("FERPA"), which cover student financial records, the FTC decided that educational institutions, which are complying with FERPA to protect student financial aid records, will be deemed to be in compliance with the FTC Privacy Rule.