A Legal Guide to PRIVACY AND DATA SECURITY 2024

Definition of Nonpublic Personal Information. The privacy provisions of the GLBA apply only to “personally identifiable financial information.” 15 U.S.C. § 6809(4). “Personally identifiable financial information” means any information: (i) that a consumer provides to obtain a financial product or service; (ii) about a consumer resulting from any transaction involving a financial product or service; or (iii) obtained about a consumer in connection with providing a financial product or service to the consumer.
Sharing of Information with Affiliated Companies. The GLBA does not restrict the sharing of nonpublic personal information with affiliates although it does require disclosures regarding affiliate-sharing practices. The Fair Credit Reporting Act (FCRA) does limit the sharing of certain financial information with affiliates for marketing purposes and requires that consumers be given notice of the affiliate sharing and the right to opt-out. 15 U.S.C. § 1681s-3.
Sharing of Information with Third Parties. Nonpublic personal information can be shared with nonaffiliated companies only if: (i) the individual is first given a right to opt-out of the sharing and does not do so; (ii) the consumer consents to the sharing; or (iii) the sharing falls within an exception that permits sharing without consent or right to opt-out. 15 U.S.C. § 6802(b). The exceptions to the requirement of providing a right to opt-out address a number of otherwise normal business activities and legal requirements such as responding to subpoenas, or delivering the information to service providers or consumer reporting agencies. A financial institution will generally be required to have a contract in place with the third party that requires the third party to maintain the information as confidential.
Restrictions. Financial institutions cannot disclose account numbers or credit card numbers for direct mail marketing, telemarketing or other electronic marketing purposes. 15 U.S.C. § 6802(d).
Privacy Notices. Financial institutions must provide a written notice to customers of their privacy policies. 15 U.S.C. § 6803(a).
