GLBA Safeguards Rule

The Gramm-Leach-Bliley Act includes a 'Safeguards Rule', which requires financial services companies to take certain measures to ensure the security of the customer data they collect.


The Rule directs a business to prepare an information security plan. The plan must address the following concerns:

  1. Note the risks of disclosure of personal information in each area in which the business is involved.

  2. Review the adequacy of the measures taken to protect the personal information.

  3. Continuously evaluate the plan in order to determine the need to adjust it to changing circumstances.

Companies engaged in the business of mortgage lending, credit reporting, real estate, and tax preparation may be required to comply with the Safeguards Rule, and to confirm through contractual agreements that the third parties with which they exchange nonpublic personal information take the necessary precautions as well. Consumers must be notified when their personal information is given to a third party.


Both financial services companies and individuals in positions of responsibility at those companies can be fined for violations of the Safeguards Rule. A company can be fined $100,000 for an individual violation, and an individual $10,000. An individual may also be sentenced to up to five years in prison.


In 2020, Mortgage Solutions agreed to a settlement with the FTC in which it paid $120,000 for disclosing personal information it obtained from credit reports and mortgage applications. The information was posted on Yelp in response to negative reviews Mortgage Solutions received.