Gramm-Leach-Bliley Act
A federal law requiring financial institutions, including insurers, to protect customer data privacy and notify consumers about information-sharing practices.
The Gramm-Leach-Bliley Act (GLBA) is a federal law that governs how financial institutions, including insurers, collect, share, and protect customer information. It requires privacy notices, limits on information sharing with non-affiliated third parties, and a written information security program.
For insurance AI, GLBA matters because AI systems often process sensitive personal and financial data. Vendor-hosted AI tools raise additional questions: where data is stored, whether it is used to train models for other customers, and whether the sharing arrangement meets GLBA’s Safeguards and Privacy Rules.
GLBA does not directly regulate model fairness or AI governance, but it is part of the data-governance layer that carriers must maintain. A vendor contract that lacks data-use restrictions or security safeguards can create both GLBA and AI governance risk. See our AI vendor risk assessment checklist.