The Gramm-Leach-Bliley Act (“GLBA”), enacted in 1999, is a federal law that governs how financial institutions collect, protect, and share consumers’ nonpublic personal information. The law applies to a broad range of financial institutions, including banks, mortgage lenders, mortgage brokers, and other companies involved in consumer financial services. GLBA contains key privacy and data security provisions requiring institutions to provide consumers with privacy notices explaining how their information is used and shared, to allow consumers certain rights to opt out of information sharing with nonaffiliated third parties, and to implement safeguards designed to protect sensitive customer information from unauthorized access or misuse.
For Mortgage Loan Originators (“MLOs”), GLBA is significant because they routinely handle highly sensitive consumer information such as Social Security numbers, income documentation, credit reports, bank statements, and employment records during the mortgage application process. MLOs and their employers are required to maintain policies and procedures that protect borrower data, limit unauthorized disclosure, and ensure compliance with privacy and cybersecurity standards. Violations of GLBA can result in regulatory enforcement actions, financial penalties, reputational harm, and potential loss of consumer trust. As a result, compliance with GLBA is considered a fundamental responsibility within mortgage lending and financial services operations.
