Gramm-Leach-Bliley Act and TPAs?

[Guest SteveConley]

I've been doing some research into this subject and think I've sorted most of it out, but does anyone have any insight into how the privacy rules/restrictions found in the Gramm-Leach-Bliley Act would impact a third-party administrator of Employee/Executive benefit plans? My reading of the statute/regs is that since the protections of the law extend to "Consumers" or "Customers," both of whom are defined as "individuals," that a bank or other company providing NPI (nonpublic personal information) in the course of the administration of their employee benefits programs would not be considered a "consumer" because that company is not an individual providing that information. Rather, it is providing the information (some of which might be considered NPI) of its employees in the course of providing them with compensation, etc.; not only would the company not be considered an "individual," but the information is being provided for business purposes rather than in connection with "financial services for personal...use" (can't remember the specific language used in the GLB Act). If anyone 1) can confirm that my interpretation is correct, or 2) knows that TPAs actually are subject to some/all of the GLB Act requirements, or 3) knows any other information or sources that would shed some light on this issue, the help would be much appreciated.