Privacilla.Org

Your Source for Privacy Policy from a Free-market, Pro-technology Perspective




Notice and Opt-Out Under the Gramm-Leach-Bliley Act

Section 502 of the Gramm-Leach-Bliley Act (15 U.S.C. 6802) forbids any financial institution from sharing "nonpublic personal information" with a "nonaffiliated third party" unless the relevant consumer is given notice and an opportunity to opt out of the sharing.

The notice is defined in Section 503 (15 U.S.C. 6803). At the time a customer relationship is established and each year that it continues, the financial institution must provide "clear and conspicuous" notice of its policies and practices on:

  • disclosing nonpublic personal information to affiliates and nonaffiliated third parties;
  • disclosing nonpublic personal information about persons who are no longer customers; and
  • protecting the nonpublic personal information of consumers.

The notice must also include:
  • the policies and practices of the institution on sharing of information with nonaffiliated third parties, including:
    • the categories of persons with whom information is shared; and
    • the policies and practices of the institution on disclosing information about persons who are no longer customers;
  • the categories of information that are collected by the institution;
  • the policies that the institution has to protect confidentiality and security; and
  • disclosures required by the Fair Credit Reporting Act.

Section 502 requires financial institutions to explain to customers how to opt out of the information sharing described in the notice before information is shared.

A third party that receives "nonpublic personal information" from a financial institution consistent with these requirements may not share it with other third parties unless the financial institution itself could have shared the information.

Needless to say, the billions of notices that have gone out as required by the Gramm-Leach-Bliley Act have been long and confusing. Consumers have rightly asked "What's this got to do with me?" Regulators and companies are still struggling to answer this question.


Links:

Get Noticed: Effective Financial Privacy Notices, Interagency Public Workshop (Dec. 4, 2001).

Comments? comments@privacilla.org (Subject: GLBNotice)

[updated 12/02/01]



©2000-2003 Privacilla.org. All content subject to the Privacilla Public License.