Gramm-Leach-Bliley Act (GLBA) Privacy Rules and Data Security Guidelines

Title V of the Gramm-Leach-Bliley Act (GLBA) establishes requirements relating to the privacy and security of consumer information. Whenever a financial institution collects, or otherwise has access to, information from or about consumers, it should evaluate whether these rules will apply. The rules have particular relevance to social media when, for instance, a financial institution integrates social media components into customers' online account experience or takes applications via social media portals.

A financial institution using social media should clearly disclose its privacy policies as required under GLBA.

Even when there is no "consumer" or "customer" relationship triggering GLBA requirements, a financial institution will likely face reputation risk if it appears to be treating any consumer information carelessly or if it appears to be less than transparent regarding the privacy policies that apply on one or more social media sites that the financial institution uses.

Sources: FFIEC; GLBA

The Highlights:

  • Lenders accepting applications via social media must clearly disclose the company privacy policy for consumers.
  • Even if a lender is not accepting applications via social media, it is still beneficial to display privacy policies to mitigate reputational risk.