
Gramm-Leach-Bliley Privacy Policy Generator
Assistance To Marketers Who Use Financial Data

The DMA is pleased to provide marketers with information and assistance on how to comply with the notice and opt-out requirements of the Gramm-Leach-Bliley Act of 2000. This site provides you with the following information:

Do The Privacy Notice Requirements Of The Gramm-Leach-Bliley Act Apply To Your Company?

The short answer is YES, if you are considered a "financial institution" under the Gramm-Leach-Bliley Act of 2000 (GLB). Such institutions are required to send GLB-compliant privacy policies to their customers initially and once a year thereafter.

What is a "financial institution" under GLB?

Under GLB, a "financial institution" includes traditional institutions such as banks, credit unions, and securities brokers. It also covers other entities such as real estate appraisers, insurance companies, automobile leasing companies, companies that operate as travel agencies in connection with financial services, and retailers that issue their own credit cards directly to consumers.

What must a Gramm-Leach-Bliley privacy policy notice include?

If your company is considered a "financial institution" as defined above, then you need to send your customers an initial – and then annual – notice regarding your company’s policies. In your notice, you must explain how you collect and share information, and provide a way for customers to opt out of such information exchanges. Specifically, you must include:

  • Types of information your company collects;
  • Types of information your company shares;
  • Types of affiliates, non-affiliates and joint marketers with whom your company shares information; [Note: You need not offer an opt-out for information shared with affiliates, joint marketers, and non-affiliates that are performing functions on your company’s behalf. However, you must still describe your information-sharing practices.]
  • How a customer can opt out of information exchanges, as well as a method for doing so. You must also include a means for opting out of information exchanges among affiliates as required by the Fair Credit Reporting Act (FCRA);
  • Assurance that information policies and practices are in place for security and confidentiality of data; and
  • Description of the types of information your company discloses about former customers and to whom you disclose such information.

How To Construct Your Privacy Policy To Comply With Gramm-Leach-Bliley

We thought it might be helpful to walk you through the process of creating a privacy policy that meets the notice and opt-out requirements of GLB. Go directly to our generator and fill out the questions. We'll send you a customized page you can post to your Web site and mail to your customers.

Most Frequently Asked Questions Regarding Gramm-Leach-Bliley

We have put together a series of questions and answers to assist marketers in understanding and complying with GLB. Go to our FAQ section.


Copyright © 2010 the Direct Marketing Association.

The Gramm-Leach-Bliley Privacy Policy Generator is being provided to you as a benefit of your membership in the Direct Marketing Association (DMA). It is meant for use by DMA members only and it is not for distribution or resale to any third party. Any reproduction, retransmission, or republication of all or part of this Privacy Policy generator is expressly prohibited unless the DMA has expressly granted its prior written consent to so reproduce, retransmit, or republish the material. All other rights reserved.

This toolkit is meant for educational guidance and is not intended to replace or replicate sound legal advice from your legal counsel. Please ensure you review the Privacy Policy with your legal counsel upon completion.

You should check this site frequently for updates since the rules and regulations may change. To ensure you are receiving updates and alerts about such changes, please sign up for DMA’s Compliance Network by contacting ethics@the-dma.org.
