The Gramm-Leach-Bliley Act doesn’t specifically list the requirements for shredding. However, Section 501 of Title V of the GLB Act says the following:

SEC. 501. PROTECTION OF NONPUBLIC PERSONAL INFORMATION

(a) PRIVACY OBLIGATION POLICY.— It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.

(b) FINANCIAL INSTITUTIONS SAFEGUARDS.— In furtherance of the policy in subsection (a), each agency or authority described in section 505(a) shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards

(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

It is implied that any material that contains “personal identifiers” should be discarded with the utmost care to preserve its confidentiality. Using a NAID Certified shredding service is one of the best ways to do that.