https://www.insurerbrain.com/w/index.php?action=history&feed=atom&title=Definition%3AGramm-Leach-Bliley_Act_%28GLBA%29Definition:Gramm-Leach-Bliley Act (GLBA) - Revision history2026-04-30T16:20:47ZRevision history for this page on the wikiMediaWiki 1.43.8https://www.insurerbrain.com/w/index.php?title=Definition:Gramm-Leach-Bliley_Act_(GLBA)&diff=7690&oldid=prevPlumBot: Bot: Creating new article from JSON2026-03-10T13:14:02Z<p>Bot: Creating new article from JSON</p>
<p><b>New page</b></p><div>🏛️ '''Gramm-Leach-Bliley Act (GLBA)''' is a landmark United States federal law enacted in 1999 that dismantled Depression-era barriers between banking, securities, and insurance activities, while simultaneously imposing significant [[Definition:Privacy | privacy]] and data-protection obligations on financial institutions — including [[Definition:Insurance carrier | insurance companies]], [[Definition:Insurance agent | agents]], and [[Definition:Insurance broker | brokers]]. For the insurance industry specifically, GLBA reshaped the competitive landscape by permitting banks and financial holding companies to [[Definition:Underwriting | underwrite]] and distribute [[Definition:Insurance product | insurance products]], and it established the foundational framework governing how insurers collect, share, and safeguard consumers' [[Definition:Personally identifiable information (PII) | personally identifiable information]].<br />
<br />
📜 The Act operates through three principal pillars relevant to insurers. The Financial Privacy Rule requires carriers and intermediaries to provide clear [[Definition:Disclosure | privacy notices]] explaining what nonpublic personal information they collect and with whom they share it, and to offer consumers an opt-out mechanism for certain third-party disclosures. The Safeguards Rule mandates that every [[Definition:Financial institution | financial institution]] — a category that includes insurers of all sizes — implement a written information-security program with administrative, technical, and physical safeguards proportionate to the sensitivity of the data held. Enforcement against insurance entities falls largely to state [[Definition:Insurance regulator | insurance regulators]] rather than federal agencies, making the [[Definition:National Association of Insurance Commissioners (NAIC) | NAIC]] Insurance Data Security Model Law a key companion regulation that translates GLBA principles into state-level requirements.<br />
<br />
🔐 In an era of accelerating [[Definition:Insurtech | insurtech]] innovation and expanding [[Definition:Data analytics | data analytics]] capabilities, GLBA's privacy and safeguard mandates sit at the center of compliance planning for any insurance operation that handles consumer data — from [[Definition:Policy administration system | policy administration]] to [[Definition:Claims management | claims management]] to [[Definition:Telematics | telematics]]-driven pricing. Failure to comply can trigger regulatory action, fines, and reputational damage. As [[Definition:Cyber risk | cyber threats]] intensify and state legislatures layer additional requirements on top of GLBA's baseline, insurers must continuously reassess their data-governance frameworks to remain compliant, making GLBA not a static compliance checkbox but an evolving operational imperative.<br />
<br />
'''Related concepts'''<br />
{{Div col|colwidth=20em}}<br />
* [[Definition:Personally identifiable information (PII)]]<br />
* [[Definition:National Association of Insurance Commissioners (NAIC)]]<br />
* [[Definition:Insurance Data Security Model Law]]<br />
* [[Definition:Privacy]]<br />
* [[Definition:Cyber risk]]<br />
* [[Definition:Insurance regulation]]<br />
{{Div col end}}</div>PlumBot