In the electronic age, data protection is both extraordinarily important and highly challenging. In 1999, Congress addressed the public's growing sense of unease over privacy by passing the Gramm-Leach-Bliley Act (GLBA). This legislation and the ensuing rulemaking (Final Rule: Privacy of Consumer Information-SEC Regulation S-P) have helped to protect valuable customer information and to prevent data breaches. However, some critics argue that GLBA is inadequate to protect consumers.
Through exceptionally broad definitions, GLBA protections apply to virtually all personal information about individual consumers held by more than 40,000 financial institutions in this country - including less traditional "financial institutions" such as check-cashers, information aggregators, and financial software providers. Coupled with protections mandated by the Fair Credit Reporting Act (FCRA), consumers now must be provided with:
- Notice of the institution's practices regarding information collection, disclosure, and use, which must be clear, conspicuous, and updated each year;
- Opt-out choice regarding the institution's sharing of information with non-affiliated third parties, and in certain instances, with affiliates;
- Security in the form of mandatory policies, procedures, systems, and controls to ensure that personal information remains confidential;
- Protection against inappropriate re-disclosure or re-use of personal information that is shared with third parties; and,
- Enforcement of privacy protections via the full panoply of enforcement powers of financial institutions' regulatory agencies (federal bank regulators, the Securities and Exchange Commission, state insurance authorities, and the Federal Trade Commission).