
Finance · Philterd

GLBA Nonpublic Personal Information (NPPI) Redaction

Redact Nonpublic Personal Information (NPPI) from financial customer records under the Gramm-Leach-Bliley Act (15 USC 6801-6809).

v1.0.0 · Updated 2026-05-18 · Philter >=3.0.0 · By Philterd
Tags: GLBA, NPPI, financial privacy, Safeguards Rule, 15 USC 6801, banking

The policy

The full glba-nppi-redaction.json file, identical to the downloadable version. Copy any part of it, or use the whole file as-is.

{
  "name": "glba-nppi-redaction",
  "config": {
    "splitting": {
      "enabled": false,
      "threshold": 4000
    }
  },
  "ignored": [],
  "identifiers": {
    "personsName": {
      "personsFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[CUSTOMER]", "conditions": "confidence > 65"}
      ]
    },
    "ssn": {
      "ssnFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-SSN]"}
      ]
    },
    "creditCard": {
      "onlyValidCreditCards": true,
      "creditCardFilterStrategies": [
        {"strategy": "MASK", "maskCharacter": "*", "maskLength": "SAME", "leaveCharacters": 4}
      ]
    },
    "iban": {
      "ibanFilterStrategies": [
        {"strategy": "MASK", "maskCharacter": "*", "maskLength": "SAME", "leaveCharacters": 4}
      ]
    },
    "date": {
      "onlyValidDates": true,
      "dateFilterStrategies": [
        {"strategy": "TRUNCATE", "truncateDigits": 4, "redactionFormat": "%Y", "conditions": "context == \"birth\""}
      ]
    },
    "phoneNumber": {
      "phoneNumberFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-PHONE]"}
      ]
    },
    "emailAddress": {
      "emailAddressFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-EMAIL]"}
      ]
    },
    "address": {
      "addressFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-ADDRESS]"}
      ]
    },
    "driversLicense": {
      "driversLicenseFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-LICENSE]"}
      ]
    },
    "passportNumber": {
      "passportNumberFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-PASSPORT]"}
      ]
    },
    "identifiers": [
      {
        "id": "routing-number",
        "pattern": "\\b(?:ABA|RTN|routing)[\\s:#]*\\d{9}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {"strategy": "REDACT", "redactionFormat": "[REDACTED-RTN]"}
        ]
      },
      {
        "id": "account-number",
        "pattern": "\\b(?:account|acct)[\\s:#]*(?:number|#)?[\\s:#]*\\d{6,}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {"strategy": "MASK", "maskCharacter": "*", "maskLength": "SAME", "leaveCharacters": 4}
        ]
      },
      {
        "id": "loan-number",
        "pattern": "\\b(?:loan|mortgage|note)[\\s:#]*(?:number|#)?[\\s:#]*[A-Z0-9-]{6,}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {"strategy": "REDACT", "redactionFormat": "[REDACTED-LOAN]"}
        ]
      }
    ]
  }
}

Example

Input

Customer Robert Chen (SSN 123-45-6789, DOB 1980-06-15) opened account 1234567890 with routing 021000021. Mortgage MTG-2024-887.

Output

Customer [CUSTOMER] (SSN [REDACTED-SSN], DOB 1980) opened account ******7890 with routing [REDACTED-RTN]. [REDACTED-LOAN].

Entities this policy acts on

CUSTOMER, SSN, CREDIT_CARD, IBAN, DATE, PHONE, EMAIL, ADDRESS, LICENSE, PASSPORT, RTN, ACCOUNT, LOAN

What this policy does

Removes Nonpublic Personal Information (NPPI) — the category of customer financial data protected by the Gramm-Leach-Bliley Act (GLBA) — from financial-services records.

NPPI is broader than PCI DSS scope. PCI focuses specifically on cardholder data; GLBA covers any personally identifiable financial information a financial institution obtains in connection with providing a financial service:

  • Account balances and transaction history
  • Deposit, withdrawal, and payment patterns
  • Loan and credit history
  • Investment holdings
  • Plus traditional PII (names, SSNs, addresses) when collected in a financial context

This policy targets the identifier fields:

  • Customer names — redacted to [CUSTOMER] (confidence-gated)
  • SSNs — fully redacted
  • Credit card numbers — masked to last 4 visible
  • IBANs — masked to last 4
  • Birthdates — truncated to year only when context indicates a birth date
  • Phone, email, address — redacted
  • Driver’s license, passport numbers — redacted
  • Bank routing numbers (ABA RTNs) — redacted
  • Account numbers — masked to last 4 visible
  • Loan / mortgage / note numbers — redacted

It preserves transaction amounts, dates of transactions (non-birth), and analytical fields by default — these are usually the operational reason the records are being processed in the first place.

When to use this

  • Sharing customer data with a third-party processor (loan servicers, payment processors, collections agencies, marketing analytics vendors)
  • Internal analytics across business units where the analytics team shouldn’t see fully-identified customer records
  • Training fraud-detection or credit-risk models on real transaction data
  • Audit response where regulators or auditors need representative records without specific customer identification
  • Document retention where records must be kept beyond active use but identifying details are no longer needed

When to customize

  • Customer name handling. Default redacts names with [CUSTOMER] tokens. For internal use cases where the customer name is operationally needed (e.g., case management, dispute resolution), preserve names by removing the personsName entry — or build a parallel “internal-only” variant.
  • Date of birth. Default truncates to year only when context indicates a birth date. For research use cases needing age-band analysis, year is enough. For pure de-identification, switch to full REDACT.
  • Address granularity. Default fully redacts addresses. For analytics where geographic region matters, use a REPLACE strategy with [STATE] or [REGION] (Philter’s state and custom identifiers can help here).
  • Account / routing / loan number formats. Defaults are generic. Replace with your core banking system’s actual patterns — especially loan numbers, which vary widely (mortgages, auto loans, HELOCs, commercial loans often have different format conventions).
  • Transaction amounts. Not redacted by default — they’re analytically valuable and aren’t NPPI on their own. For datasets where customer-amount linkability is the concern, add an identifier rule for currency patterns.
  • Wealth-management records. Investment holdings and balances can be NPPI. If your records include them, decide whether the analytical purpose needs them; if not, add custom redaction.
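Before swapping in your own account, routing or loan patterns, unit-test them against records shaped like yours. The harness below is an added Python example (not part of the policy or of Philter) that compiles the policy's three custom identifier regexes exactly as the JSON declares them, reports which rule fires on which span, and shows why the generic loan rule deserves replacing: under case-insensitive matching, the trailing [A-Z0-9-]{6,} after the keyword "note" also accepts an ordinary word such as "payable". The tightened MTG-<year>-<serial> pattern and the sample records are constructed assumptions for the demonstration, and the harness checks the regexes only, not Philter's masking output.

```python
import json
import re

# Constructed copy of the three custom identifier rules from
# glba-nppi-redaction.json (same patterns), embedded so the harness runs offline.
POLICY_IDENTIFIERS = json.loads(r'''[
  {"id": "routing-number", "caseSensitive": false,
   "pattern": "\\b(?:ABA|RTN|routing)[\\s:#]*\\d{9}\\b"},
  {"id": "account-number", "caseSensitive": false,
   "pattern": "\\b(?:account|acct)[\\s:#]*(?:number|#)?[\\s:#]*\\d{6,}\\b"},
  {"id": "loan-number", "caseSensitive": false,
   "pattern": "\\b(?:loan|mortgage|note)[\\s:#]*(?:number|#)?[\\s:#]*[A-Z0-9-]{6,}\\b"}
]''')

# Hypothetical institution-specific replacement for the generic loan rule
# (an assumption for illustration, not a Philterd default): MTG-<year>-<serial>.
TIGHT_LOAN_RULE = {"id": "loan-number", "caseSensitive": True,
                   "pattern": r"\bMTG-\d{4}-\d{3,}\b"}

# Constructed sample records shaped like the page's example input.
SAMPLE_LINES = [
    "Customer opened account 1234567890 with routing 021000021. Mortgage MTG-2024-887.",
    "ACCT# 00998877 funded; ABA: 011000015 on file.",
    "Loan 12345 (legacy id) and note payable in 30 days.",
]


def compile_rules(identifiers):
    """Compile each rule with the case sensitivity the policy declares."""
    return [(i["id"], re.compile(i["pattern"], 0 if i["caseSensitive"] else re.IGNORECASE))
            for i in identifiers]


def find_matches(text, rules):
    """Return (rule id, matched text) for every hit, in document order."""
    hits = [(m.start(), rid, m.group(0)) for rid, rx in rules for m in rx.finditer(text)]
    return [(rid, span) for _, rid, span in sorted(hits)]


def with_rule_replaced(identifiers, replacement):
    """Copy of the rule list with the rule of the same id swapped out."""
    return [replacement if i["id"] == replacement["id"] else i for i in identifiers]


if __name__ == "__main__":
    for label, ids in (("generic", POLICY_IDENTIFIERS),
                       ("tightened", with_rule_replaced(POLICY_IDENTIFIERS, TIGHT_LOAN_RULE))):
        rules = compile_rules(ids)
        print(f"== {label} loan rule ==")
        for line in SAMPLE_LINES:
            print(line)
            for rid, span in find_matches(line, rules):
                print(f"  {rid:15} -> {span!r}")
```

Note that each generic rule's match span includes the keyword ("account 1234567890", not just the digits), so whatever strategy you attach applies to that whole span.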

GLBA vs PCI DSS — pick the right policy

These regimes cover overlapping but distinct data:

                         PCI DSS                                                 GLBA
Scope                    Cardholder data (PAN, CVV, etc.)                        All NPPI (financial PII)
Trigger                  Accepting / processing / storing cards                  Being a "financial institution" under GLBA
Strictest requirement    No storage of Sensitive Authentication Data post-auth   Reasonable safeguards for customer information
Companion policy here    pci-dss-scope-reduction.json                            (this policy)

In practice, most financial institutions need both. Use the PCI policy for systems that touch cards specifically; use this GLBA policy for the broader customer-data systems. They can be stacked on the same document if the document contains both types of data.

Compliance notes

  • 15 USC 6801-6809 — the GLBA statute

  • 16 CFR Part 314 — the FTC’s Safeguards Rule (substantially updated 2022) requires financial institutions to maintain a written Information Security Program with reasonable safeguards for customer information

  • 16 CFR Part 313 — the Privacy Rule requires annual privacy notices and opt-out for certain disclosures of NPPI to non-affiliated third parties

  • State financial-privacy laws may impose additional or stricter requirements:

    • California (CCPA / CPRA, plus the California Financial Information Privacy Act)
    • Nevada (NRS Chapter 603A)
    • New York (NYDFS Cybersecurity Regulation 23 NYCRR Part 500)
    • Massachusetts (201 CMR 17.00)

    This policy is GLBA-baseline; layer state-specific policies on top as needed.

  • Bank Secrecy Act (BSA) and AML records have specific retention and reporting requirements that may conflict with aggressive redaction. Coordinate with your BSA officer before redacting records that fall under BSA recordkeeping obligations.

Use this policy

Download and load into your running Philter instance:

# Download the policy
curl -O https://raw.githubusercontent.com/philterd/pii-redaction-policies/main/policies/philterd/finance/glba-nppi-redaction.json

# Upload to your Philter instance
curl -X POST http://localhost:8080/api/policies \
     -H "Content-Type: application/json" \
     --data @glba-nppi-redaction.json

# Redact text using the policy
curl "http://localhost:8080/api/filter?p=glba-nppi-redaction" \
     --data "your text here" \
     -H "Content-Type: text/plain"
