The Gramm–Leach–Bliley Act (GLBA) provides limits on the use of customer personal information by financial institutions. This act, also known as the Financial Services Modernization Act of 1999, requires that customers be notified of potential disclosures of their personal information and given the opportunity to opt out of such disclosures. One GLBA requirement is implementation of a comprehensive data security program.
References:
http://www.educause.edu/Resources/Browse/GrammLeachBliley%20Act%20GLB%20Act/33353