The Gramm-Leach-Bliley Act (GLBA)

What is GLBA?

Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions. The GLBA requires banks to develop privacy notices and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties. On July 1, 2001, the Act was amended, requiring financial organizations to have a comprehensive, written information security program in place.

Who is affected by GLBA ?

The GLBA applies to virtually every business in the United States engaged in the “financial services” industry: institutions that provide financial products and services to consumers. This applies to all national banks and federal branches of foreign banks that are required to follow US banking regulations.

According to the Act, financial institutions are required to implement a comprehensive, written information security program that includes proper administrative, technical and physical safeguards, the nature of which are dependent upon the size and complexity of the organization. This requirement extends to any subsidiaries of the parent financial organization. The program must be designed to protect consumers’ non-public, personally-identifiable information by ensuring security and confidentiality of data, by preventing potential risks and threats to data, and by protecting against unauthorized access to or use of consumers’ private information.

When using service providers such as an outsourced document destruction company, financial institutions have a duty to safeguard their customers’ information while it is in the possession of the outsourced company. To adhere to this, the financial organization must use due diligence in selecting, managing and monitoring the service provider to ensure consumers’ private information is protected. This includes entering into contracts with an outsourcer when appropriate.

By purging outdated material and storing your active and/or inactive files with NORTHEAST RECORD RETENTION, we will assist your company in maintaining a document shredding program and/or records management program that meets or exceeds GLBA regulations.

NORTHEAST RECORD RETENTION uses state-of-the-art technology and highly trained and certified security professionals. We efficiently shred all documents either on your premises or at our state-of-the-art records center. We give you the option to watch the shredding process, and also provide you with a Certificate of Destruction that records each shred. With our document management and records storage program, you will quickly and accurately gain access to your documents. We use the O’Neil Software Inventory system with barcodes that will track all activity, help determine which files to maintain, how long to do so, and how to legally dispose of them when the records are no longer needed.

Trust NORTHEAST RECORD RETENTION as your partner in compliance with GLBA for maintaining your document security program.

For more information on the Gramm-Leach-Bliley Act (GLBA), please visit:

< Back to Compliances

DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.

© Northeast Record Retention.
New England's leading provider of record storage and data shredding services.

Ph: 1-877-603-3100
Fax: 1-603-792-8693