The Gramm-Leach-Bliley Act is intended to protect against unauthorised access and abuse of personal customer information held by companies operating in the financial sector. It gives individuals the right to opt out of information sharing among companies. Although the Act principally affects financial businesses such as banks, insurance companies, mortgage brokers and financial advisors, it may also extend to any company requiring disclosure of personal financial information. How far the Act extends is the source of confusion for many US businesses and their advisers.
The US approach to controlling business practices tends to rely on industry self-regulation rather than government legislation. On the internet, this usually takes the form of privacy policies which the Act effectively requires by demanding that companies give “clear and conspicuous” notice to individuals.