Copyright 2023 IDG Communications, Inc. CSO provides news, analysis and research on security and risk management, Security and privacy laws, regulations, and compliance: The complete guide. Before the GLBA, these kinds of scams could only be prosecuted under other laws about fraud or false pretenses that didn't always exactly match up with attackers' specific techniques. 11494, 129 Stat. An institutions or servicers written information security program must include the following nine elements included in the FTCs regulations: Element 1: Designates a qualified individual responsible for overseeing and implementing the institutions or servicers information security program and enforcing the information security program (16 C.F.R. 6801-6809, 6821-6827, Competition and Consumer Protection Guidance Documents, An Inquiry into Cloud Computing Business Practices: The Federal Trade Commission is seeking public comments. Search the Legal Library instead. But this is not normally the case, and often different provisions of the law will logically belong in different, scattered locations in the Code. 378) by the Supreme Court of the United States in the case of Investment Company Institute v. Camp (401 U.S. 617 et seq. Title V boldly introduces the topic of Privacy and the Disclosure of Nonpublic Personal Information. Sponsored item title goes here as designed, The security laws, regulations and guidelines directory, What is pretexting? 1338, enacted November 12, 1999) is an act of the 0000002543 00000 n
Why can't these popular names easily be found in the US Code? rZ This process will be necessary for each IP address you wish to access the site from, requests are valid for approximately one quarter (three months) after which the process may need to be repeated. WebThe Gramm-Leach-Bliley Act required the Federal Trade Commission (FTC) and other government agencies that regulate financial institutions to implement regulations to carry out the Acts financial privacy provisions (GLB Act). The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely. By joining our advisory group, you can help us make GovTrack more useful and engaging to young voters like you. <>stream 0000007171 00000 n
106-102, 113 Stat. 1787, codified at 15 U.S.C. You can also find guidance regarding GLBA as well as other cybersecurity resources on the FSA Partner Connect Cybersecurity page. Apr 25, 2023. Title V, subtitle A, of this Act (15 U.S.C. Youve cast your vote. S.900 - Gramm-Leach-Bliley Act 106th Congress (1999-2000) Law Hide Overview . Looking for legal documents or records? Also, Sections 131-133 of the Act (15 U.S.C. Element 4: Provides for the institution or servicer to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 C.F.R. 1828a) and section 115 (12 U.S.C. <> L. 111203, set out as a note under section 552a of Title 5, Government Organization and Employees. The .gov means its official. Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements, (GENERAL-23-09) The GrammLeachBliley Act (GLBA) provides customers to have secured information by financial institutions. 0000020628 00000 n
on this bill on a six-point scale from strongly oppose to strongly support. We love educating Americans about how their government works too! These would take the form of strict requirements about evidence people need to provide to prove they have the right to information they're trying to access, along with staff training to recognize and push back against phishing and other forms of pretexting. Provision allowing for exceptions after report to the Congress. Section 6801 et seq. 106-102, 113 Stat. The text of the bill below is as of Apr 19, 2023 (Introduced). If organizations don't feel that they are up to the task of assessing their own preparedness and compliance, or if they want an honest assessment from an outsider, they can pay a third-party organization to audit their compliance. We hope to enable educators to build lesson plans centered around any bill or vote in Congress, even those as recent as yesterday. requires the FTC, along with the Federal banking agencies and other regulators, to issue regulations ensuring that financial institutions protect the privacy of consumers' personal financial information. Definition, examples and prevention, business continuity and disaster recovery, The 10 most powerful cybersecurity companies, 7 hot cybersecurity trends (and 2 going cold), The Apache Log4j vulnerabilities: A timeline, Using the NIST Cybersecurity Framework to address organizational risk, 11 penetration testing tools the pros use, Designate employees to coordinate an infosec program, Identify risks to customer information across your company and assess the effectiveness of your current safeguards, Design, implement, monitor, and test an overarching safeguard program, Select service providers that are able to meet the requirements of the GLBA, and write that into your contract with them, Continually evaluate your program as circumstances and the threat landscape change, Understand the regulations and how they apply to you, Conduct a risk assessment (more on which in a moment), Ensure that effective controls are in place to mitigate risks, Make sure your service providers are GLBA-compliant, Confirm that you're meeting Privacy Rule requirements, Update your disaster recovery and business continuity plans, Prepare a written information security plan (WISP) a formal document of this type is a GLBA requirement, Report to the board the GLBA requires those responsible for inforsec make an annual report to an organizations managing board on GLBA compliance. The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. Responsible individuals at those institutionsgenerally company officers or members of the board of directorscan be personally fined up to $10,000 for each violation, Those individuals may also be sentenced to up to 5 years in prison. The GLBA has important implications for pretexting in a couple different respects. Your note is for you and will not be shared with anyone. The Gramm-Leach-Bliley Act (GLBA), signed into law last November, authorized the certification of financial holding companies, the structure that looks to be the main vehicle for linking commercial banks with securities firms, insurance firms, and merchant banking. L. 111203 inserted ,other than the Bureau of Consumer Financial Protection, after section 6805(a) of this title in introductory provisions. GLBA consumer vs. customer. 6803(e). Visit us on Mastodon Data breaches (a) Subject to a determination under subparagraph (B), the Comptroller of the Currency may extend the 2-year period referred to in subparagraph (A) above from time to time as to any particular national bank for not more than 6 months at a time, if, in the judgment of the Comptroller, such an extension would not be detrimental to the public interest, but no such extensions shall in the aggregate exceed 1 year. <>/ExtGState<>>> 4. The Gramm-Leach-Bliley Act required the Federal Trade Commission (FTC) and other government Competition and Consumer Protection Guidance Documents, The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program. box 40751 olympia wa 98504-0751 3 0 obj (b). Postsecondary institutions and third-party servicers must protect student financial aid information provided to them by the Department or otherwise obtained in support of the administration of the Federal student financial aid programs (Title IV programs) authorized under Title IV of the Higher Education Act of 1965, as amended (HEA). The Graham-Leach-Bailey Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. V0! The Comptroller of the Currency, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the Comptroller determines, having due regard for the purposes of this Act, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices and is in the public interest. WebV, Gramm-Leach-Bliley Act (15 U.S.C. No appropriate Federal banking agency, by regulation, order, interpretation, or other action, and no court within the United States may construe the paragraph designated the Seventh of section 5136 of the Revised Statutes of the United States (12 U.S.C. WebIn 2006, the Financial Services Regulatory Relief Act (Relief Act) amended the GLBA. On the other hand, government agencies can and do include GLBA compliance criteria in their audits of institutions covered by the Act. Our Table of Popular Names is organized alphabetically by popular name. endobj 24a) is amended to read as follows: In the case of a national bank which, pursuant to the amendments made by paragraph (1), is no longer authorized to control or be affiliated with a financial subsidiary as of the date of the enactment of this Act, such affiliation shall be terminated as soon as practicable and in any event no later than the end of the 2-year period beginning on such date of enactment. Short title. The FTC enforces these provisions with regard to entities not specifically assigned by the provision to the Federal banking agencies or other regulators. Apr 26, 2023, But presidents still wouldnt be able to move their legal cases to the shows The Peoples Court or Divorce Court. In addition to reforming the financial services industry, the Act addressed concerns relating to consumer financial privacy. Section 2 of the Bank Holding Company Act of 1956 (12 U.S.C. 314.4(h)). SM_Y9d1`uwUN:t m^3_ . 0000001050 00000 n
1811 et seq.) fC\huwa W.`SU`GH 0000030139 00000 n
WebSec. The Act also limits the sharing of account number information for marketing purposes. The Department will issue guidance on NIST 800-171 compliance in a future Electronic Announcement, but again encourages institutions to begin incorporating the information security controls required under NIST 800-171 into the written information security program required under GLBA as soon as possible. 4 0 obj ?E
Mk~tEK:UiZuS:oEGQ^};_nzG+>)Ce0W!j1zA0:0%P'DN#y
endstream
endobj
133 0 obj
444
endobj
115 0 obj
<<
/Type /Page
/Parent 97 0 R
/Resources 116 0 R
/Contents 121 0 R
/Thumb 58 0 R
/MediaBox [ 0 0 612 792 ]
/CropBox [ 0 0 612 792 ]
/Rotate 0
>>
endobj
116 0 obj
<<
/ProcSet [ /PDF /Text ]
/Font << /F1 120 0 R /F2 117 0 R /F3 125 0 R >>
/ExtGState << /GS1 127 0 R >>
>>
endobj
117 0 obj
<<
/Type /Font
/Subtype /Type1
/FirstChar 32
/LastChar 151
/Widths [ 287 296 333 574 574 833 852 241 389 389 500 606 278 333 278 278 574
574 574 574 574 574 574 574 574 574 278 278 606 606 606 500 747
759 778 778 833 759 722 833 870 444 648 815 722 981 833 833 759
833 815 667 722 833 759 981 722 722 667 389 606 389 606 500 333
611 648 556 667 574 389 611 685 370 352 667 352 963 685 611 667
648 519 500 426 685 611 889 611 611 537 389 606 389 606 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1000 ]
/Encoding /WinAnsiEncoding
/BaseFont /OPPKBD+NewCenturySchlbk-Bold
/FontDescriptor 118 0 R
>>
endobj
118 0 obj
<<
/Type /FontDescriptor
/Ascent 737
/CapHeight 722
/Descent -205
/Flags 262178
/FontBBox [ -165 -250 1000 988 ]
/FontName /OPPKBD+NewCenturySchlbk-Bold
/ItalicAngle 0
/StemV 154
/XHeight 475
/StemH 54
/CharSet (=RaaE%=m\)^M*\\{cet/m\(V\
{xJ{VX-0T}bQ+6\\S,>>KqMXt2U\
t\(yF7\\"E?k>R|)
/FontFile3 130 0 R
>>
endobj
119 0 obj
<<
/Type /FontDescriptor
/Ascent 737
/CapHeight 722
/Descent -205
/Flags 34
/FontBBox [ -195 -250 1000 965 ]
/FontName /OPPKBE+NewCenturySchlbk-Roman
/ItalicAngle 0
/StemV 92
/XHeight 464
/StemH 45
/CharSet (-QGuYD\\\\[_X1fG+e_-"8tkhXT\
Uh3*p\)cE.wnl5h#! Each of these individual provisions would, logically, belong in a different place in the Code. To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Banking Act of 1933, the so-called Glass-Steagall Act, and for other purposes. The Gramm Leach Bliley Act (GLB or GLBA) was enacted in 1999. Make sure you're in compliance nowit'll protect both you and your customers. You'll need to: The Safeguard Rule's mandates are generally phrased in terms of outcomes rather than specific infosec techniques that are required to achieve those outcomes. Section 18 of the Federal Deposit Insurance Act (12 U.S.C. Place hold Add to cart 7 0 obj In the case of a bank holding company which, pursuant to the amendments made by paragraph (1), is no longer authorized to control or be affiliated with any entity that was permissible for a financial holding company, any affiliation by the bank holding company which is not permitted for a bank holding company shall be terminated as soon as practicable and in any event no later than the end of the 2-year period beginning on such date of enactment. Any affiliation of an insured depository institution with any broker or dealer, any investment adviser, any investment company, or any other person, as of the date of the enactment of the Return to Prudent Banking Act of 2023, which is prohibited under paragraph (1) shall be terminated as soon as practicable and in any event no later than the end of the 2-year period beginning on such date of enactment. In cases where no data breaches have occurred and the institutions or servicers security systems have not been compromised, if the Department determines that an institution or servicer is not in compliance with all of the Safeguards Rule requirements, the institution or servicer will need to develop and/or revise its information security program and provide the Department with a Corrective Action Plan (CAP) with timeframes for coming into compliance with the Safeguards Rule. \
Data breaches (a) In general Title V of the Gramm-Leach-Bliley Act ( 15 U.S.C. If you can, please take a few minutes to help us improve GovTrack for users like you. Repeal of provision relating to foreign banks filing as financial holding companies. 8 0 obj Such audits can provide invaluable feedback, but keep in mind that they're essentially just providing a second opinion from a private company, not offering the United States Federal government's seal of approval. (1971)) as to the construction and the purposes of such provisions. Looking for legal documents or records? The appropriate Federal banking agency, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the agency determines, having due regard for the purposes of this subsection and the Return to Prudent Banking Act of 2023, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices and is in the public interest. endobj prohibits obtaining customer information of a financial institution by false pretenses. Part 314. !`MBq!O!Xe=xB7p4IjPw 0jb7cZ5>$. 1820a). Each institution that participates in the Title IV programs has agreed in its Program Participation Agreement (PPA) to comply with the GLBA Safeguards Rule under 16 C.F.R. An official website of the United States government. others, or safeguarding financial assets other than money. The law requires 0000001912 00000 n
Prohibition on officers, directors and employees of securities firms service on boards of depository institutions. To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner But if you're looking for a risk assessment specifically tailored to Federal cybersecurity mandates like the GLBA, the Federal Financial Institution Examination Council (FFIEC) has you covered. A BILL To amend the Gramm-Leach-Bliley Act to establish procedures for disclosures by financial institutions of nonpublic personal information, and for other purposes. 1 This guide was prepared by the staff of the U.S. Securities and Exchange Commission as a "small entity compliance guide" under Section 212 of the Small Business Regulatory Enforcement Fairness Act of 1996, as amended. 1338. Text for H.R.2714 - 118th Congress (2023-2024): To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Banking Act of 1933, the so-called "Glass-Steagall Act", and for other purposes. Hackers/journalists/researchers: See these open data sources. Part 314. These notices must describe the privacy practices of financial institutions, including whether and how they share customers nonpublic personal information. For instance, there's no specific GLBA password requirements; instead, GLBA-covered institutions are expected to follow contemporary best practices for authenticating access to personal data, which in practice today would include an appropriate password regime. Section 3(a)(4)(B) of the Securities Exchange Act of 1934 (15 U.S.C. 1843) is amended by striking subsections (k), (l), (m), (n), and (o). The third major data privacy aspect of the GLBA is the Pretexting Rule. Young Americans have historically been the least involved in politics, despite the huge consequences policies can have on them. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely. Element 8: For an institution or servicer maintaining student information on 5,000 or more consumers, addresses the establishment of an incident response plan (16 C.F.R. Each report submitted to the Congress under subsection (a) shall contain a detailed description of the basis for the determination or extension. Subject to a determination under subparagraph (B), any individual described in subparagraph (A) who, as of the date of the enactment of the Return to Prudent Banking Act of 2023, is serving as an officer, director, employee, or other institution-affiliated party of any insured depository institution shall terminate such service as soon as practicable after such date of enactment and no later than the end of the 60-day period beginning on such date. For instance, someone might call up your bank, armed with a few pieces of information about you like your address or social security number, and try to bluff them into giving them more information, or even access to your account. The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security. !/'r&[!Lg9jW@p
"KL )DlT{8:5Dm(HzmKr{xYy=XGtU]1wNS$ZDv[DcU$SO8u%7{~sEO`2E\7gk(Tkr^d+ZYzv SBUU#$\'N_=EIDhq8UER'4&8(n@6x+r{-^?c^cRpsX&dXr\[$&B(VF*&Hn6U'/Z4M3u,bg`0
"dxm?Y\9p!82W1h:&z Mt?,`"cTcH^{x]F{=:
)tL1kx.]Jn nu@y_nU{1&;I9:SGx#oHTr'7y
endstream
endobj
129 0 obj
<< /Filter [ /ASCII85Decode /FlateDecode ] /Length 12113 /Subtype /Type1C >>
stream
0000008401 00000 n
Part 314 use the terms customer and customer information. For the purpose of an institutions or servicers compliance with GLBA, customer information is information obtained as a result of providing a financial service to a student (past or present). Gramm-Leach-Bliley Act An Act to Enhance Competition in the Financial Services Industry by Providing a Prudential Framework for the Affiliation of Banks, Securities Firms, Insurance Companies, and Other Financial Service Providers, and for Other Purposes Public Law 106-102, 106th Congress, S. 900 NOTE: 113 Stat. "6hfeLT*RWCW\O^ ~UTdhD/~p(&uJUCPu~}12k$kKq!/ uC}$Bw5C|W?3pK%>S@aMiVe+JS\5vP
tVZ_XOh%$ HX6fZE,)HYPo6|QZBJ%0LNNJP$@z7E+F+#}S`2?1$T&M_f ~H?Ld:92#h-2ipM#7$2`1U;V]Gobek~C&/w|udk7a+!H` Section 728 of the Regulatory Relief Act directs the agencies named in Section 504(a)(1) of the GLB Act, 15 U.S.C. Section 21 of the Banking Act of 1933 (12 U.S.C. 12 new state privacy and security laws explained: Is your business ready? The current information security requirements that institutions must meet are the GLBA Safeguards Rule requirements at 16 C.F.R. This Act may be cited as the Return to Prudent Banking Act of 2023. Likens., In the Matter of, 77 Investigations, Inc. and Reginald Kimbro, CEO Group, Inc. d/b/a Check Em Out, and Scott Joseph. The Relief Act amendment directed financial regulatory agencies to collaborate and develop a 1338, codified in relevant part primarily at 15 U.S.C. 0000007438 00000 n
Definition of activities closely related to banking. Thank you for joining the GovTrack Advisory Community! The law applies to any business that is "significantly engaged" in providing financial products or services to consumers. Are you up on what the revised Rule requires? 6803(f)), and before disclosing any consumer's personal financial information to an unaffiliated third party, and must give notice and an opportunity for that consumer to "opt out" from such disclosure. It may seem a bit strange at first that a financial services law has such a profound impact on IT and data security. If you teach United States government and would like to speak with us about bringing legislative data into your classroom, please reach out! Subtitle A also requires the FTC and other agencies to issue regulations for the safeguarding of personal financial information; this authority did not transfer. The site is secure. We are also still on Instagram at @govtrack.us posting 60-second video summaries of legislation in Congress. The Gramm-Leach-Bliley Act is a U.S. federal law created to control how financial institutions deal with a consumers non-public personal information (NPI). Subtitle B of Title V (15 U.S.C. In making any determination under paragraph (1), the Board shall consider whether performance of the activity by a bank holding company or a subsidiary of such company can reasonably be expected to result in a violation of section 18(bb) of the Federal Deposit Insurance Act, section 21 of the Banking Act of 1933, or the spirit of section 2(c) of the Return to Prudent Banking Act of 2023, and other possible adverse effects, such as undue concentration of resources, decreased or unfair competition, conflicts of interests, or unsound banking practices. We enforce federal competition and consumer protection laws that prevent anticompetitive, deceptive, and unfair business practices. Wall between commercial banks and securities activities reestablished. GLBA related findings will have the same effect on an institutions participation in the Title IV programs as any other determination of non-compliance. 0000000809 00000 n
It is a United States federal law that requires financial Section 6801 et seq. Lina M. Khan was sworn in as Chair of the Federal Trade Commission on June 15, 2021. Limitation on agency interpretation or judicial construction. Pretexting is form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The first is that it explicitly makes it illegal to use pretexting to try to gain access to the information about victims held by a financial institution covered by the Act. <> 5 0 obj Please sign up for our advisory group to be a part of making GovTrack a better tool for what you do. The data security and privacy aspects of the law were included to allay fears that this info would be misused or exploited. 1338, codified in relevant part primarily at 15 U.S.C. Such institutions must develop and give notice of their privacy policies to their own customers at least annually (except where exempted under section 75001 of the Fixing America's Surface Transportation Act (FAST Act), Pub. endobj The objectives of the GLBA standards for safeguarding information are to . And starting in 2019 well be tracking Congresss oversight investigations of the executive branch. But the framers of the law correctly foresaw that by loosening existing banking regulations, they were opening the door to the creation of huge, sprawling firms offering an array of services ranging from checking accounts to high-end investmentsand that these companies would have access to huge amounts of customer information. Element 5: Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 C.F.R. Pub. Launched in 2004, GovTrack helps everyone learn about and track the activities of the United States Congress. HTQj@}Ygv5/"M";eag|BG
y
^#XmRdPRj"\mc@FRDq+7{ER6{,_{kDF0Z"nd/b>oOc%"!a(N9!`bH.^"3=TgoNqe#k# ^TW=\wR}B >r? Add a note about this bill. 0JjvQ R 0000005709 00000 n
Institutions and servicers also sign the Student Aid Internet Gateway (SAIG) Enrollment Agreement, which states that they will ensure that all Federal Student Aid applicant information is protected from access by, or disclosure to, unauthorized personnel, and that they are aware of and will comply with all of the requirements to protect and secure data obtained from the Departments systems for the purposes of administering the Title IV programs. Nor will a full-text search of the Code necessarily reveal where all the pieces have been scattered. Check out their Cybersecurity Assessment Tool, which can help you identify specific areas in which your organization may not be aligned with the GLBA's requirements. Josh Fruhlinger is a writer and editor who lives in Los Angeles. The United States Code is meant to be an organized, logical compilation of the laws passed by Congress. If you have questions regarding any of the GLBA requirements, please contact the FTC at 202-326-2222. Find the resources you need to understand how consumer protection law impacts your business. 0000001588 00000 n
The language of the notices may be fairly boilerplate, and indeed the SEC makes model forms available. The changes to the Safeguards Rule expand on the minimum information security requirements that should already be in place at participating institutions and their third-party servicers. Repeated non-compliance by an institution or a servicer may result in an administrative action taken by the Department, which could impact the institutions or servicers participation in the Title IV programs. c t`njNSj:;LpCY2nu#NeNu(}:ON? WebGramm-Leach-Bliley Act Tags: Consumer Protection Mission Consumer Protection Law Pub. Download PDF. Element 9: For an institution or servicer maintaining student information on 5,000 or more consumers, addresses the requirement for its Qualified Individual to report regularly and at least annually to those with control over the institution on the institutions information security program (16 C.F.R. Subsection (j) of section 4 of the Bank Holding Company Act of 1956 (12 U.S.C. "[B&9y>2A}N"c`:s5IL[P=XR4xu w="(.lU[_ 3[aT!x,HfWZI_>2pq9:Nj!l WebThe GrammLeachBliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, (Pub.L. For purposes of this subsection, the terms broker and dealer have the same meanings as in section 3(a) of the Securities Exchange Act of 1934 and the terms investment adviser and investment company have the meaning given such terms under the Investment Advisers Act of 1940 and the Investment Company Act of 1940, respectively. The U.S. Senate WebId., adding 15 U.S.C. Federal government websites often end in .gov or .mil. (More Info). This is, obviously, a very broad mandate, though the good news is that it's obviously also a set of best practices that any organization that retains personal data ought to be following anyway; it's also broadly similar to regulatory mandates imposed on other industries like health care, so companies covered by multiple sets of regulations shouldn't have to duplicate work. The Federal Deposit Insurance Act (12 U.S.C. It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers nonpublic personal information. Spot the latest COVID scams, get compliance guidance, and stay up to date on FTC actions during the pandemic. Please note that compliance with the GLBA requirements is not the same as compliance with NIST 800-171. This is information that a financial institution collects when providing a financial product or service that can identify an individual and that isnt otherwise publicly available. The Federal Deposit Insurance Act is amended by striking section 46 (12 U.S.C.