FROM: KAREN L. SUTER, COMMISSIONER
RE: GRAMM-LEACH-BLILEY PRIVACY REQUIREMENTS
The Gramm-Leach-Bliley Act, P.L. 106-102 ("GLBA"), enacted November 12, 1999, requires financial institutions to protect the privacy of consumers’ non-public personal information, and to safeguard customer information. Title V of GLBA requires Federal and state regulators to implement GLBA’s privacy protections within six months of the Act’s effective date, except to the extent a later date is specified by rule. The Act took effect November 13, 2000; however, under the authority of GLBA at Section 510(1), Federal regulators delayed enforcement until July 1, 2001.
The purpose of this Bulletin is to remind all State-chartered and licensed financial institutions to which this Bulletin is directed of their obligation to comply with GLBA’s privacy requirements, and to urge all such entities to take steps to become familiar with GLBA’s requirements so as to be in a position to be in compliance with such requirements as of July 1, 2001. In doing so, entities should become familiar with GLBA, 15 U.S.C. §6801-6809 and 6821-6827, and applicable Federal rules jointly promulgated by the United States Department of the Treasury, Office of the Comptroller of the Currency, 12 CFR Parts 30 and 40; the Federal Reserve System, 12 CFR Part 216, and Parts 208, 211, 225 and 263; the Federal Deposit Insurance Corporation, 12 CFR Part 332, and Parts 308 and 364; and the Department of the Treasury, Office of Thrift Supervision, 12 CFR Part 573, and Parts 568 and 570; as well as by the Federal Trade Commission, 16 CFR Part 313, and the National Credit Union Administration, 12 CFR Parts 716 and 748.
The Department notes that it will be monitoring compliance with GLBA as part of the periodic examination of these entities pursuant to Subtitles 1 and 2 of the Title 17 of the Revised Statutes, N.J.S.A. 17:1 to 17:16.June 13, 2001 /s/ Karen L. Suter, Commissioner