The Gramm-Leach-Bliley Act (GLBA) is a 1999 federal law that modernized U.S. financial services by removing barriers between banking, securities, and insurance activities and by establishing privacy and data-security obligations. GLBA Privacy Rule governs how nonpublic personal information is collected, used, and shared, while the Safeguards Rule requires written information-security programs and oversight of service providers. For insurance agencies and BGAs, GLBA drives consumer notices, opt-out mechanisms for certain sharing, encryption, access controls, and incident-response planning across the client lifecycle.

Agencies adopt written privacy and security programs, encrypt data, and train staff. Vendor Agreements include GLBA obligations. During audits, firms show privacy notices, incident-response plans, and access logs aligned with GLBA.