How Does The Gramm-Leach-Bliley Act Define A Customer?

As of 2026, the Gramm-Leach-Bliley Act defines a “customer” as an individual who has an ongoing relationship with a financial institution for personal, family, or household financial products or services.

What’s Happening

GLBA’s definition of a customer hinges on whether an individual maintains an ongoing relationship with a financial institution for personal financial products or services, not a one-time transaction.

This law kicks in when someone opens a checking account, applies for a mortgage, or signs up for investment services for personal reasons. It doesn’t touch relationships formed for business purposes—like a company taking out a commercial loan. GLBA also forces institutions to spell out how they gather, use, and share nonpublic personal information (NPI) with customers. The Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) keep refining these definitions, most recently in 2025.

Step-by-Step Solution

To determine if someone qualifies as a customer under GLBA, confirm they have an active, ongoing relationship with your institution for personal financial services and document the relationship accordingly.

  1. Identify the relationship type – Flip through GLBA §13 (15 U.S.C. §6809(4)) and the CFPB’s Exam Manual (updated 2025) to separate “customers” from “consumers.”
  2. Verify NPI collection – Double-check that the person handed over sensitive data (think Social Security number, account details) during a personal financial transaction. If the data was gathered for a business, GLBA doesn’t apply.
  3. Exclude inapplicable entities – GLBA skips legal entities like corporations, partnerships with six or more members, and sole proprietorships without personal data ties. The IRS’s entity classification guide can help confirm this.
  4. Issue and document privacy notices – Get the privacy notice out within 30 days of account opening, then every year after that. Make sure the “Do Not Share My Information” opt-out link is live in your online portal and log customer acknowledgments in your CRM.

If This Didn’t Work

If GLBA’s definition doesn’t apply, treat the individual as a “consumer” and follow state privacy laws that may offer additional protections.

  • Reclassify the relationship – If the person only poked around (say, checking mortgage rates but never applying), log them as a “consumer” under GLBA. Update your internal tracking system to match.
  • Review state privacy laws – States like California (CCPA), Virginia (CDPA), and Colorado (CPA) have tighter rules that might overlap with GLBA. The IAPP’s compliance tool can help you figure out what you need to do.
  • Consult regulatory guidance – Run your scenario by the CFPB’s Ask CFPB forum for clarification on tricky cases. You’ll usually get a response from GLBA specialists within 48 hours.

Prevention Tips

To maintain GLBA compliance, update intake forms annually, train staff on the 2024 CFPB updates, and conduct quarterly audits using CFPB’s compliance checklist.

Add a quick checkbox to your account application asking customers to confirm their relationship is for personal use. Make sure your team knows how to handle digital-only accounts—the CFPB spelled this out in 2025. Run audits using the CFPB’s checklist to ensure privacy notices go out on time. Keep all GLBA-related interactions locked down in encrypted systems like Salesforce Financial Services Cloud or a similarly compliant CRM to meet retention and security rules.

Edited and fact-checked by the TechFactsHub editorial team.
Written by Ryan Foster

Ryan Foster is a networking and cybersecurity writer with 12 years of experience as a network engineer. He's configured more routers than he can count and firmly believes that 90% of internet problems are DNS-related. He lives in Austin, TX.