Can a skip tracer legally find out where someone banks?

A skip tracer cannot use deception to discover banking information. Legal methods include debtor examinations, formal discovery, public records like UCC filings and bankruptcy filings, and the levy process which discovers account balances when banks respond.

Is it pretexting to call a debtor's employer to verify employment?

No. Calling an employer and honestly identifying yourself to verify employment is not pretexting. The GLBA prohibits obtaining financial information through deception, not honest inquiries.

Does the GLBA apply to commercial business financial information?

The GLBA primarily protects consumers. Business financial information is generally not covered. However, the pretexting prohibition broadly prohibits obtaining any customer information from financial institutions through false pretenses.

Can I be held liable for using information someone else obtained through pretexting?

Yes. The GLBA makes it illegal to knowingly receive financial information obtained through pretexting, or to request that someone obtain information through pretexting on your behalf.

🔒 Gramm-Leach-Bliley Act & Skip Tracing

Q: What is the difference between pretexting and social engineering?

Pretexting is a specific form of social engineering involving fabricated scenarios or identities to obtain information. Under the GLBA, any social engineering using false statements to obtain financial information constitutes illegal pretexting.

GLBA Compliance Guide for Skip Tracers, Investigators, and Debt Collectors — Permissible Purposes, Pretexting Prohibitions, and Financial Data Access Rules — 2025

🔒 GLBA Compliance 🔍 Skip Tracing 💰 Financial Data 🇺🇸 Federal Law 📅 Updated 2025

📑 What This Guide Covers

→ What Is the Gramm-Leach-Bliley Act? → The Three Key GLBA Provisions → Pretexting Prohibition → What Counts as Pretexting → Permissible Purposes for Financial Data → Financial Privacy Rule → Safeguards Rule → How the GLBA Affects Skip Tracing → Legal Methods for Financial Information → Penalties for GLBA Violations → GLBA vs Other Privacy Laws → GLBA Compliance Checklist → Frequently Asked Questions

📜 What Is the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a federal law that governs how financial institutions handle consumers’ private financial information. For skip tracers, private investigators, debt collectors, and attorneys, the GLBA’s most critical provision is its strict prohibition on pretexting — obtaining someone’s financial information through false pretenses, deception, or impersonation. 📜

The GLBA was enacted primarily to regulate the financial services industry after the repeal of parts of the Glass-Steagall Act, but its privacy provisions reach far beyond banks and lending institutions. Anyone who attempts to access a consumer’s financial information — including skip tracers looking for a debtor’s financial records, investigators conducting asset searches, or anyone posing as someone they are not to obtain account information — must comply with the GLBA’s requirements. Violations carry severe criminal penalties including imprisonment. 🔒

For the skip tracing and investigation industry specifically, the GLBA draws a bright line between legitimate investigative techniques (which are legal) and pretexting (which is a federal crime). Understanding exactly where that line is — and staying on the right side of it — is essential for every professional who locates people or investigates assets for a living. This guide explains the GLBA in practical terms for investigators, skip tracers, and the attorneys and creditors who use their services. ⚖️

🚨 Pretexting Is a Federal Crime

Unlike many regulatory violations that result in civil penalties, GLBA pretexting violations are criminal offenses. Under 15 U.S.C. § 6823, obtaining or attempting to obtain financial information through false pretenses is punishable by up to 5 years in federal prison and fines up to $100,000 for individuals. For organizations, fines can reach $500,000. These penalties apply to the person who pretexts, the person who directs the pretexting, and anyone who knowingly receives financial information obtained through pretexting.

📊 The Three Key GLBA Provisions

The GLBA contains three major privacy-related provisions, each serving a different function. While all three matter, the pretexting prohibition is by far the most relevant for skip tracers and investigators: 📊

Provision	What It Does	Who It Primarily Affects
🔒 Financial Privacy Rule	Requires financial institutions to provide privacy notices and allows consumers to opt out of information sharing	Banks, credit unions, insurance companies, securities firms, financial advisors
🛡️ Safeguards Rule	Requires financial institutions to implement security measures to protect customer data	Financial institutions and their service providers
🚫 Pretexting Prohibition	Makes it a federal crime to obtain financial information through false pretenses, fraud, or deception	Everyone — including skip tracers, investigators, debt collectors, and any person who seeks financial information

🚫 The Pretexting Prohibition — Most Critical for Skip Tracers

The GLBA’s pretexting provisions (15 U.S.C. §§ 6821-6827) are the most important sections for skip tracers, investigators, and debt collectors. These provisions make it illegal to use false, fictitious, or fraudulent statements or documents to obtain customer information from a financial institution or directly from a customer. The prohibition is broad and covers multiple methods of deception: 🚫

🔴 Impersonating the account holder. Calling a bank and pretending to be the customer to obtain account information, balances, or transaction history is a federal crime. This includes using stolen personal information (SSN, date of birth, mother’s maiden name) to pass security verification.

🔴 Impersonating a financial institution employee. Posing as a bank employee, loan officer, or other financial services representative to obtain customer information from either the institution or the customer violates the GLBA.

🔴 Using fraudulent documents. Submitting forged authorization letters, fabricated subpoenas, or fake court orders to obtain financial information is both pretexting under the GLBA and potentially fraud, forgery, and obstruction of justice.

🔴 Social engineering. Using psychological manipulation to trick financial institution employees into revealing customer information — regardless of whether the caller explicitly lies about their identity — can constitute pretexting if false or misleading representations are involved.

🔴 Phishing and digital deception. Creating fake websites, sending deceptive emails, or using other digital means to trick consumers or financial institutions into revealing financial information constitutes pretexting.

🔍 What Exactly Counts as Pretexting?

Understanding the boundary between legitimate investigation and illegal pretexting is critical. Here are specific examples of what does and does not constitute pretexting under the GLBA: 🔍

✅ Legal Investigation Methods (NOT Pretexting)

🟢 Searching public records for property ownership, court judgments, UCC filings, and tax liens — these are publicly available and accessing them involves no deception.

🟢 Using professional skip tracing databases that compile information from legitimate sources (credit bureau headers, public records, utility connections) — accessing these databases with a permissible purpose is legal.

🟢 Obtaining financial records through proper legal process — subpoenas, court orders, debtor examinations, and formal discovery in litigation.

🟢 Conducting business asset searches using Secretary of State records, UCC filings, property records, and other public sources.

🟢 Requesting information that the financial institution is legally required to disclose — such as information required in response to a valid subpoena or court order.

🟢 The consumer voluntarily providing their own financial information directly to you.

❌ Illegal Pretexting Examples

🔴 Calling a bank and saying “This is John Smith, I need to check my account balance” when you are not John Smith.

🔴 Telling a bank employee “I’m calling from the fraud department” to get them to reveal account information.

🔴 Sending a letter on fabricated letterhead requesting account information.

🔴 Using a debtor’s personal information to access their online banking portal.

🔴 Having someone else (a “pretext operator”) make these calls on your behalf — you are liable as the person who directed the pretexting.

🔴 Purchasing financial information that you know (or should know) was obtained through pretexting.

📋 Permissible Purposes for Accessing Financial Data

The GLBA does not prohibit all access to financial information — it prohibits obtaining it through deception. There are several legitimate ways that investigators, skip tracers, and attorneys can legally access or discover financial information: 📋

Court Orders and Subpoenas

Financial institutions are required to comply with valid court orders and properly issued subpoenas. If you are involved in litigation, your attorney can subpoena financial records through the discovery process. In judgment collection, a debtor examination allows the court to compel the debtor to disclose their financial accounts, and the court can issue orders for financial institutions to produce records. This is the gold standard for legally obtaining financial information.

Public Records

Significant financial information is available through public records that require no special authorization to access. Real property records reveal property ownership and mortgage information. UCC filings show secured loans and pledged assets. Tax liens reveal IRS and state tax debts. Court judgments show who owes money and how much. Bankruptcy filings disclose comprehensive financial information. These public records provide substantial financial intelligence without any GLBA concerns.

Skip Tracing Databases

Professional skip tracing databases aggregate information from legitimate sources — credit bureau header data (name, address, SSN association — not credit details), public records, utility connections, and other lawful sources. Accessing these databases for permissible purposes (such as serving process, collecting a judgment, or locating a person for legitimate legal reasons) is legal and does not involve pretexting.

Voluntary Disclosure

If the consumer or business voluntarily provides financial information — in a loan application, a credit application, a rental application, or during a debtor examination — that information was not obtained through pretexting. The key is that the disclosure must be genuinely voluntary and not induced by false pretenses.

Regulatory and Law Enforcement Access

Government agencies, regulators, and law enforcement have specific statutory authority to access financial records through processes defined by law (such as the Right to Financial Privacy Act for federal agencies). These authorized access methods are not pretexting.

📄 The Financial Privacy Rule

While the pretexting prohibition is the GLBA section most relevant to investigators and skip tracers, understanding the Financial Privacy Rule provides important context for how financial information flows and where the legal boundaries are: 📄

📌 Privacy notices. Financial institutions must provide privacy notices to their customers explaining what personal information the institution collects, how it is used, how it is shared, and how it is protected. These notices must be provided when the customer relationship is established and annually thereafter.

📌 Opt-out rights. Consumers have the right to opt out of having their “nonpublic personal information” (NPI) shared with certain non-affiliated third parties. If a consumer opts out, the financial institution may not share their information with non-affiliated companies for marketing or other purposes not authorized by the consumer. This opt-out right does not apply to information sharing that is necessary for servicing the account, processing transactions, or complying with legal requirements.

📌 What is “nonpublic personal information”? NPI includes any personally identifiable financial information that a consumer provides to a financial institution, that results from a transaction with the consumer, or that is otherwise obtained by the institution. This includes account numbers, account balances, transaction history, income information, Social Security numbers (when associated with financial accounts), and credit information. It does not include publicly available information like property records or court judgments.

📌 Exceptions to opt-out. Financial institutions may share NPI without consumer consent for processing transactions, servicing accounts, complying with legal requirements (subpoenas, court orders), fraud prevention, reporting to consumer reporting agencies, and other purposes specifically enumerated in the Act.

🛡️ The Safeguards Rule

The GLBA Safeguards Rule (updated significantly by the FTC in 2023) requires financial institutions and certain other entities to develop, implement, and maintain a comprehensive information security program. While this primarily affects financial institutions, it has implications for any business that handles consumer financial data — including investigation firms and skip tracing companies that access or store financial information: 🛡️

📊

Risk Assessment

Companies must conduct a written risk assessment identifying internal and external risks to customer information.

🔐

Security Measures

Implement access controls, encryption, multi-factor authentication, employee training, and incident response planning.

👤

Designated Officer

A qualified individual must be designated to oversee the information security program.

📡

Ongoing Monitoring

Continuous monitoring of systems, regular testing, and annual reporting to governance body.

🤝

Service Provider Oversight

Contractually require service providers to implement and maintain appropriate safeguards.

💡 Why This Matters for Skip Tracers

If your skip tracing or investigation business accesses, stores, or processes consumer financial information (even incidentally, as part of skip trace reports or asset searches), you may be subject to the Safeguards Rule. Maintaining proper data security is not just good practice — it may be a legal requirement. Implement access controls, encryption, and secure disposal procedures for any financial data you handle.

🔍 How the GLBA Directly Affects Skip Tracing

For professional skip tracers and investigators, the GLBA creates specific boundaries that shape daily operations. Here is how the law affects common skip tracing and investigation activities: 🔍

📋 Locating people — generally fine. The core skip tracing function of locating a person’s current address, phone number, and place of employment typically does not involve accessing financial institution records and therefore does not implicate the GLBA. Using professional databases, public records, utility records, and other non-financial sources to locate people is legal and GLBA-compliant.

📋 Asset searches — use public records. Conducting asset searches through public records (property records, vehicle records, UCC filings, court judgments, tax liens) is fully GLBA-compliant because these are publicly available records. You do not need to access financial institution records to identify significant assets. A comprehensive business asset search or real property search reveals substantial financial information without touching financial institution data.

📋 Employment verification — be careful. Verifying employment through legitimate means (contacting the employer directly, using commercial verification databases like The Work Number) is fine. However, calling an employer while pretending to be someone you are not to obtain income or financial information could constitute pretexting.

📋 Third-party contacts — follow FDCPA rules. When contacting third parties to locate debtors, follow the FDCPA’s Section 1692b rules for third-party contacts. These rules align with GLBA compliance — identify yourself honestly, seek only location information, and do not use deception.

📋 Never pretext financial institutions. Under no circumstances should a skip tracer or investigator call a bank, credit union, brokerage, or other financial institution and misrepresent their identity to obtain customer information. Period. This is a federal crime with prison time. If you need financial institution records, obtain them through legal process — subpoenas, court orders, or debtor examinations.

🔍 GLBA-Compliant Investigation Services

Our skip tracing and asset search services use only legal, GLBA-compliant methods — public records, professional databases, and legitimate investigative techniques. No pretexting, no deception, no legal risk to our clients. Over 20 years of compliant investigation services. Results in 24 hours or less.

Order Investigation Now →

⚖️ Legal Methods for Obtaining Financial Information

When you legitimately need a debtor’s or subject’s financial information — for judgment collection, litigation, or due diligence — here are the legal methods available: ⚖️

Debtor Examination (Supplemental Proceedings)

After obtaining a judgment, most states allow you to compel the debtor to appear in court and answer questions about their assets, income, bank accounts, and financial condition under oath. The debtor examination is one of the most powerful legal tools for discovering financial information — and it is completely GLBA-compliant because the information is obtained through court process. Our guide on preparing for a debtor examination covers maximizing this tool.

Post-Judgment Discovery

Formal post-judgment discovery — interrogatories, document requests, and subpoenas — can compel the debtor and third parties (including financial institutions) to disclose financial information. Subpoenas to banks, brokerages, and other financial institutions must comply with the institution’s legal process requirements.

Pre-Litigation Investigation Using Public Records

Before filing suit, a comprehensive pre-litigation investigation reveals substantial financial information through public records alone — property ownership, vehicle records, UCC filings, tax liens, judgments, and business entity records. This approach is fully GLBA-compliant and provides the foundation for informed litigation decisions.

Writ of Execution and Levy Process

Once you have a judgment, the writ of execution and levy process allows the sheriff or marshal to seize assets — including bank account funds. The levy itself serves as a legal method of discovering what the debtor has in their accounts, because the financial institution must respond to the levy with a garnishee’s memorandum disclosing the account balance.

Information Subpoenas

Some states allow “information subpoenas” in judgment collection that can be served directly on financial institutions to discover account information. These must be properly issued through the court and comply with both state law and the financial institution’s legal process requirements.

💰 Penalties for GLBA Violations

The consequences of GLBA violations — particularly pretexting — are severe and include both criminal and civil penalties: 💰

Violation Type	Penalty	Details
🔴 Pretexting (Individual)	Up to 5 years prison + $100,000 fine	Applies to anyone who obtains or attempts to obtain financial information through false pretenses
🔴 Pretexting (Organization)	Up to $500,000 fine	Applies to companies whose employees or agents engage in pretexting
🟡 Privacy Rule Violations	Up to $100,000 per violation	Financial institutions that fail to provide required privacy notices or honor opt-out requests
🟡 Safeguards Rule Violations	FTC enforcement actions + penalties	Entities that fail to implement required information security measures
🟠 State Law Penalties	Varies by state	Many states have enacted their own pretexting prohibitions with additional penalties
⚖️ Civil Liability	Actual + punitive damages	Victims of pretexting can sue for actual damages under state law

📊 GLBA vs Other Privacy Laws — How They Interact

The GLBA does not exist in a vacuum — it intersects with several other federal and state privacy laws that investigators and skip tracers must understand: 📊

📋

GLBA vs FCRA

The Fair Credit Reporting Act governs access to consumer credit reports and requires permissible purposes. The GLBA’s pretexting prohibition applies to all financial information — not just credit reports. A person who uses false pretenses to obtain a credit report violates both laws.

⚖️

GLBA vs FDCPA

The FDCPA governs how debt collectors communicate with consumers and third parties. While the FDCPA allows limited third-party contacts for location information, those contacts must still comply with the GLBA — you cannot use deception to obtain financial information.

🚗

GLBA vs DPPA

The Driver’s Privacy Protection Act governs access to motor vehicle records. The GLBA and DPPA are complementary — one protects financial information, the other protects DMV information. Both require legitimate purposes and prohibit deception.

🗺️

GLBA vs State Laws

Many states have enacted their own pretexting prohibitions and financial privacy laws that may be stricter than the GLBA. California’s Financial Information Privacy Act gives consumers additional opt-in rights. Our privacy laws by state guide covers these variations.

✅ GLBA Compliance Checklist for Investigators and Skip Tracers

☐

Never Misrepresent Your Identity

Always identify yourself honestly when contacting financial institutions, employers, and third parties. Never claim to be someone you are not — not the account holder, not a bank employee, not a government official.

☐

Use Only Legitimate Data Sources

Access financial information only through public records, authorized databases, legal process (subpoenas, court orders), or voluntary disclosure. If you cannot explain how you legally obtained information, you should not have it.

☐

Train All Staff on GLBA Compliance

Every employee who contacts third parties or accesses information must understand the GLBA pretexting prohibition. Document training and update it regularly.

☐

Maintain Information Security

If your business handles any consumer financial information, implement appropriate security measures — access controls, encryption, secure disposal, and incident response procedures.

☐

Document Your Methods

Keep records of how information was obtained. If a compliance question arises, you need to demonstrate that your methods were legitimate. Document the source of every piece of financial information in your reports.

☐

Know When to Use Legal Process

When you need financial institution records, use proper legal channels — debtor examinations, subpoenas, court orders, and formal discovery. The investment in legal process is infinitely cheaper than the criminal liability of pretexting.

❓ Frequently Asked Questions

A skip tracer cannot call banks pretending to be the account holder or using any deceptive method to discover banking information — this is illegal pretexting. However, there are legal ways to discover banking information: through debtor examinations where the debtor is compelled to disclose accounts under oath, through formal discovery in litigation (subpoenas and interrogatories), through public records that may reference bank accounts (UCC filings, bankruptcy filings, court records), and through the levy process itself (which discovers account balances when the bank responds to the levy). Our skip tracing services use only legal, compliant methods.

No — calling an employer and honestly identifying yourself to verify employment information is not pretexting. The GLBA prohibits obtaining financial information through deception. If you identify yourself honestly and ask whether the person is employed there, this is a legitimate inquiry. However, you should be aware of FDCPA restrictions if you are a debt collector — the FDCPA limits what you can reveal to employers about the reason for your call.

The GLBA primarily protects “consumers” — individuals who obtain financial products or services for personal, family, or household use. Business financial information is generally not covered by the GLBA’s consumer privacy protections. However, the pretexting prohibition is broader — it prohibits obtaining any “customer information” from a financial institution through false pretenses, which can include business account information. The safe approach is to use legitimate methods for obtaining any financial information, whether consumer or commercial.

Yes. The GLBA makes it illegal to “request a person to obtain customer information of a financial institution knowing that the person will obtain, or attempt to obtain, the information” through pretexting. It is also illegal to knowingly receive financial information that was obtained through pretexting. If you hire a “data broker” or investigator who uses pretexting methods, you can be held criminally liable if you knew or should have known that the information was obtained illegally. This is why it is critical to use reputable, GLBA-compliant investigation services.

Social engineering is a broad term for manipulating people into revealing information or taking actions they would not otherwise take. Pretexting is a specific form of social engineering that involves creating a false pretext (a fabricated scenario or identity) to obtain information. Under the GLBA, any social engineering technique that involves false or fraudulent statements to obtain financial information constitutes pretexting. Even if you do not explicitly lie about your identity, making misleading statements that cause a financial institution employee to disclose customer information can violate the GLBA.

📚 Related Compliance and Legal Resources

📋 Disclaimer

This guide is for educational and informational purposes only and does not constitute legal advice. The GLBA and related privacy laws are complex federal statutes with serious criminal penalties for violations. This guide provides a general overview and should not be relied upon as a substitute for legal counsel from an attorney specializing in privacy law or regulatory compliance. People Locator Skip Tracing provides GLBA-compliant skip tracing and investigation services — we do not provide legal advice or legal representation. Information current as of 2025.