This template is a model policy, and it addresses information security requirements for financial institutions to protect against compromise or loss of customer information under the Gramm-Leach-Bliley Act of 1999 (GLBA), 15 U.S.C. ยงยง 6801, et seq. This template includes practical guidance and drafting notes. The primary data protection implications of the GLBA are described in the so-called, "Safeguards Rule," codified at 16 CFR Part 314, as well as additional privacy and security requirements issued under the Federal Trade Commission (FTC) Privacy Rule. The GLBA requires that financial institutions act to ensure the confidentiality and security of customers' "nonpublic personal information," or NPI. Nonpublic personal information includes Social Security numbers, credit and income histories, credit and bank card account numbers, phone numbers, addresses, names, and any other personal customer information received by a financial institution that is not public. This policy is designed ...