Regulatory Reference
Financial Services | Federal (US) | high

Gramm-Leach-Bliley Act (GLBA) — Regulatory Reference

Consumer financial data privacy and the Safeguards Rule: governs AI access to nonpublic personal information (NPI), with vendor oversight and encryption.

Key Provisions
  • Safeguards Rule (16 CFR Part 314) — administrative, technical, and physical safeguards for NPI
  • Privacy Rule — initial and annual privacy notices; opt-out for sharing with non-affiliated third parties
  • Pretexting provisions — prohibition on obtaining NPI under false pretenses
  • 2021 amendments — designated qualified individual, written incident response plan, encryption requirements
How AutoPIL Enforces It
  • NPI classified at HIGH sensitivity in the source registry
  • Pre-retrieval enforcement blocks AI agents from NPI without policy authorization
  • Audit chain produces the 'written records' Safeguards Rule expects for AI access decisions
Policy Engine | Sensitivity Labels | Audit Log | Catalog | Agent Registry
AutoPIL Policy IDs
  • FS-GLBA-SR-001: NPI Access Control for AI Agents
  • FS-GLBA-SR-002: Vendor / Service Provider Oversight Logging
Official Sources

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.
