Which platforms does GLBA apply to?

ConductAtlas tracks GLBA-relevant provisions across 53 platforms. Visit the regulation page to see all affected platforms and their specific provisions.

How does ConductAtlas monitor GLBA compliance?

ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect GLBA obligations. Every change is archived with cryptographic verification.

15 U.S.C. §§ 6801-6809

Gramm-Leach-Bliley Act

Statute — United States Federal

Effective: November 12, 1999 53 platforms tracked 999 provisions indexed Enforced by: Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), Federal Banking Regulators (OCC, FDIC, Federal Reserve) Last reviewed May 9, 2026

Overview

The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices to customers and to safeguard sensitive data. The Act has three principal components relevant to platform governance: the Financial Privacy Rule, the Safeguards Rule, and pretexting protections.

The Financial Privacy Rule requires financial institutions to provide customers with privacy notices explaining what information is collected, where it is shared, how it is used, and how it is protected. Customers must receive these notices when they first establish a relationship and annually thereafter.

The Safeguards Rule, updated significantly by the FTC in 2023, requires financial institutions to develop, implement, and maintain a comprehensive information security program including risk assessments, access controls, encryption, multi-factor authentication, and incident response plans.

Penalties

Criminal penalties for pretexting: fines up to $100,000 for individuals, $500,000 for institutions, and up to 5 years imprisonment.

Key Articles & Sections

§ 6802 Privacy Notices and Opt-Out Rights

Financial institutions must provide clear privacy notices and allow customers to opt out of information sharing with nonaffiliated third parties.
Read full text →
§ 6801 Protection of Nonpublic Personal Information

Financial institutions have an obligation to respect customer privacy and protect the security of nonpublic personal information.
Read full text →
16 CFR Part 314 Safeguards Rule (FTC)

Requires comprehensive information security programs including risk assessments, access controls, encryption, MFA, and incident response.
Read full text →
§ 6821-6827 Pretexting Protections

Prohibits obtaining customer financial information through false pretenses, fraudulent statements, or impersonation.
Read full text →

Platforms We Track Subject to GLBA

Acorns

31 relevant provisions

Adyen

17 relevant provisions

Affirm

17 relevant provisions

Afterpay

14 relevant provisions

Allstate

0 relevant provisions

Apple

16 relevant provisions

Apple Pay

5 relevant provisions

Bank of America

21 relevant provisions

Betterment

16 relevant provisions

Binance.US

28 relevant provisions

Brex

21 relevant provisions

Cash App

30 relevant provisions

Chase

19 relevant provisions

Checkout.com

14 relevant provisions

Chime

13 relevant provisions

Coinbase

61 relevant provisions

Credit Karma

0 relevant provisions

Equifax

24 relevant provisions

Experian

0 relevant provisions

Geico

2 relevant provisions

Gemini

19 relevant provisions

Google

16 relevant provisions

Google Pay

7 relevant provisions

Hilton

0 relevant provisions

Intuit

13 relevant provisions

Klarna

17 relevant provisions

Kraken

0 relevant provisions

Marqeta

0 relevant provisions

Marriott

0 relevant provisions

Mastercard

0 relevant provisions

Showing 30 of 53 platforms. View all platforms →

Recent Changes Related to GLBA

Jun 6, 2026 SoFi High

SoFi updated its Terms of Service on June 6, 2026 to explicitly state that the Arbitration Agreement is binding on users. The previous version listed the Arbitration Agreement as one of several agree…
View change record →
Jun 6, 2026 OpenSea Low

OpenSea's privacy policy was updated on June 6, 2026. The only detected change was a price figure in supporting content or header information, from $1,588.65 to $1,593.30. This appears to be a non-su…
View change record →
Jun 6, 2026 OpenSea Low

OpenSea's Terms of Service were updated on June 6, 2026, with one sentence modified. The change involved a price display update from $1,588.65 to $1,593.30 in the header area of the document. This ap…
View change record →
Jun 6, 2026 Binance.US High

Binance.US updated its Terms of Use on June 6, 2026, introducing automatic staking of eligible tokens unless users opt out, adding a 14-day notice requirement for material fee and policy changes star…
View change record →
Jun 5, 2026 OpenSea Low

OpenSea's Privacy Policy was updated on June 5, 2026. The detected change involves a modification to one sentence in the document. However, the specific change text provided only shows a price update…
View change record →
Jun 5, 2026 OpenSea Low

OpenSea updated its Terms of Service on June 5, 2026, with one sentence modified. The change involved a price reference in the document's header from $1,764.96 to $1,588.65. This appears to be a form…
View change record →
Jun 5, 2026 Robinhood Low

Robinhood updated a single timestamp in its Disclosure Library on June 5, 2026. The RHS Customer Margin Account Agreement timestamp changed from 'Sep 10, 2025, 08:30 AM' to 'Jun 5, 2026, 11:00 AM'. T…
View change record →
Jun 5, 2026 OpenSea Low

OpenSea's Privacy Policy was updated on June 5, 2026, with one sentence modified. The specific operational change involves a numerical value in the document's header changing from $1,770.86 to $1,764…
View change record →
Jun 5, 2026 OpenSea Low

OpenSea's Terms of Service was updated on June 5, 2026, with a modification to one sentence within a 330-sentence document. The detected change shows a price figure adjustment from $1,770.86 to $1,76…
View change record →
Jun 5, 2026 SoFi Medium

SoFi updated its Terms of Service on June 5, 2026 with primarily formatting and navigation improvements. The main substantive change removes language that previously required users to agree to SoFi's…
View change record →

ⓘ

ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology