Which law addresses data protection requirements for financial institutions?


Multiple Choice

Which law addresses data protection requirements for financial institutions?

Explanation:
The Gramm-Leach-Bliley Act governs how financial institutions protect and disclose customers’ nonpublic personal information. It introduces requirements to safeguard this data and to be transparent about how it’s shared. Two key parts show this clearly: the Safeguards Rule, which requires a formal information security program with administrative, technical, and physical controls to protect data; and the Financial Privacy Rule, which governs what information can be shared with non-affiliated third parties and requires notices to customers detailing sharing practices (and, in some cases, options to opt out). This combination directly targets data protection for financial records and the ways customers’ information is handled.

The other options don’t fit as well. HIPAA focuses on protecting health information, not general financial data. The Revised SEC Act isn’t a standard named regulation in this context. Sarbanes-Oxley centers on corporate governance and accurate financial reporting, not the protection of customer financial data. So the law that best matches data protection requirements for financial institutions is the Gramm-Leach-Bliley Act.

