Which act requires financial institutions to explain their information-sharing practices?

The Gramm-Leach-Bliley Act (GLBA) specifically mandates that financial institutions disclose their information-sharing practices to consumers. This law was enacted to enhance privacy protection and to ensure that customers are informed about how their personal information is collected, used, and shared. Under GLBA, financial institutions must provide clear and understandable privacy notices, detailing what information is collected, how it is used, and with whom it may be shared.

The other acts mentioned do not focus specifically on the information-sharing practices of financial institutions. For instance, HIPAA primarily governs the protection of health information, while SOX is focused on corporate governance and financial transparency. HITECH, an extension of HIPAA, addresses health information technology and security but does not pertain to financial institutions’ transparency regarding their information-sharing policies. Thus, the GLBA is distinctly relevant in the context of financial institutions and their obligations to explain their practices to consumers.