A Legal Guide to PRIVACY AND DATA SECURITY 2024

the rule generally requires that an annual privacy notice be provided to a customer. The rule provides an alternate means of complying with the annual disclosure requirement if the financial institution does not share a customer’s nonpublic personal information with nonaffiliated third parties, or with affiliates for marketing purposes, and the content of the privacy disclosure has not changed since the last privacy notice. If a financial institution qualifies to use the alternate annual notice, it need only annually disclose that a privacy notice is available on the financial institution’s website and will be mailed at no cost to the customer.

The privacy notice itself must be a clear, conspicuous, and accurate statement of the financial institution’s privacy practices. It must state:

1) the categories of information that the financial institution collects and discloses;
2) the categories of affiliated and nonaffiliated entities with which it shares information;
3) that the consumer or customer has the right to opt out of some disclosures; and
4) how the consumer or customer can opt out (if an opt-out right is available).

GLBA Consent Requirements.

There are no requirements for affirmative consent before sharing information from a customer or consumer, but a financial institution is required at the time of setting up the customer relationship and annually thereafter to:

1) notify customers and consumers of the institution’s privacy policy and practices; and
2) provide the individual with “reasonable means” to opt out of certain uses and disclosures of the individual’s nonpublic personal information.

Consent can be obtained through written, oral or electronic means.

No Opt-Out Required.

A financial institution does not need to provide an opt-out right to the individual in certain defined circumstances, including when nonpublic personal information is shared:

1) for the purpose of administering or enforcing a transaction that a customer requests or authorizes; or
2) with outside companies that provide essential services to the financial institution, such as data processing or servicing accounts, if certain conditions are met (like contractually binding the outside company to protect the confidentiality and security of the data).
