Quick Fix Summary
Under GLBA, a “customer” is someone who's got an ongoing relationship with your institution for financial products or services used mainly for personal, family, or household needs. You’ll need to confirm that relationship exists, document it, and store the privacy notice. If the relationship is with a legal entity or just a one-time deal, GLBA doesn’t cover it.
What’s Happening
Come 2026, the Gramm–Leach–Bliley Act (GLBA) still turns on whether an individual—or their legal rep—has set up a continuing relationship with your financial institution for personal financial products or services. The law’s real goal? Protecting nonpublic personal information (NPI) from getting shared without permission and making sure privacy disclosures are crystal clear.
Step-by-Step Solution
- Determine relationship type – Pull up GLBA §13 U.S.C. 261 on the govinfo.gov search tool. Hunt for the “continuing relationship” wording in the statute and in the CFPB’s Exam Manual (last updated in 2025).
- Check for NPI connection – Make sure the person handed over data when they applied for a mortgage, opened a checking account, or asked for investment advice. If that data was collected for a business loan to a corporation, GLBA doesn’t apply.
- Confirm exclusions – Corporations and partnerships with six or more people get left out under 15 U.S.C. §6809(9). Double-check the legal structure using the IRS’s entity classification chart.
- Issue the privacy notice – In your online banking portal (navigate to Settings → Privacy → GLBA Notice), flip the “Annual Privacy Notice” toggle. The notice must spell out exactly how NPI gets collected, used, and shared.
- Document opt-out rights – Stick a “Do Not Share My Information” link right under the notice (CFPB’s 2024 rule requires this). Log the timestamp and the customer’s acknowledgment in your CRM.
If This Didn’t Work
- Re-evaluate the relationship – If the person only made a one-time inquiry—say, a mortgage pre-qualification that never went anywhere—they’re a “consumer,” not a “customer” under GLBA. Log that in your system.
- Check state law overlap – Some states, like California (thanks to the CCPA updates in 2025), might treat certain business entities differently. Run a state-specific compliance scan with IAPP’s tool.
- Consult the CFPB’s Ask CFPB forum – Drop your scenario in anonymously; GLBA specialists usually reply within 48 hours.
Prevention Tips
Update your intake forms every year to include a checkbox that confirms the customer’s relationship type. Train your team on the 2024 CFPB update, which spelled out how continuing relationships work for digital-only accounts. Schedule a quarterly audit using the CFPB’s compliance checklist to ensure notices go out within 30 days of account opening. For logging GLBA interactions securely, use encrypted CRM tools like Salesforce Financial Services Cloud.
