Sec. 6801. Protection of nonpublic personal information
(a) Privacy obligation policy
It is the policy of the Congress that each financial institution has an affirmative
and continuing obligation to respect the privacy of its customers and to protect
the security and confidentiality of those customers' nonpublic personal
information.
(b) Financial institutions safeguards
In furtherance of the policy in subsection (a) of this section, each agency or
authority described in section 6805(a) of this title shall establish appropriate
standards for the financial institutions subject to their jurisdiction relating
to administrative, technical, and physical safeguards -
(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity
of such records; and
(3) to protect against unauthorized access to or use of such records or information
which could result in substantial harm or inconvenience to any customer.
SECTION REFERRED TO IN OTHER SECTIONS
This section is referred to in sections 6803, 6805 of this title.
Sec. 6802. Obligations with respect to disclosures of personal information
(a) Notice requirements
Except as otherwise provided in this subchapter, a financial institution may not,
directly or through any affiliate, disclose to a nonaffiliated third party any
nonpublic personal information, unless such financial institution provides or
has provided to the consumer a notice that complies with section 6803 of this
title.
(b) Opt out
(1) In general
A financial institution may not disclose nonpublic personal information to a
nonaffiliated third party unless -
(A) such financial institution clearly and conspicuously discloses to the consumer,
in writing or in electronic form or other form permitted by the regulations
prescribed under section 6804 of this title, that such information may be
disclosed to such third party;
(B) the consumer is given the opportunity, before the time that such information is
initially disclosed, to direct that such information not be disclosed to such
third party; and
(C) the consumer is given an explanation of how the consumer can exercise that
nondisclosure option.
(2) Exception
This subsection shall not prevent a financial institution from providing nonpublic
personal information to a nonaffiliated third party to perform services for or
functions on behalf of the financial institution, including marketing of the
financial institution's own products or services, or financial products or
services offered pursuant to joint agreements between two or more financial
institutions that comply with the requirements imposed by the regulations
prescribed under section 6804 of this title, if the financial institution fully
discloses the providing of such information and enters into a contractual
agreement with the third party that requires the third party to maintain the
confidentiality of such information.
(c) Limits on reuse of information
Except as otherwise provided in this subchapter, a nonaffiliated third party that
receives from a financial institution nonpublic personal information under this
section shall not, directly or through an affiliate of such receiving third
party, disclose such information to any other person that is a nonaffiliated
third party of both the financial institution and such receiving third party,
unless such disclosure would be lawful if made directly to such other person by
the financial institution.
(d) Limitations on the sharing of account number information for marketing purposes
A financial institution shall not disclose, other than to a consumer reporting
agency, an account number or similar form of access number or access code for a
credit card account, deposit account, or transaction account of a consumer to
any nonaffiliated third party for use in telemarketing, direct mail marketing,
or other marketing through electronic mail to the consumer.
(e) General exceptions
Subsections (a) and (b) of this section shall not prohibit the disclosure of
nonpublic personal information -
(1) as necessary to effect, administer, or enforce a transaction requested or
authorized by the consumer, or in connection with -
(A) servicing or processing a financial product or service requested or authorized
by the consumer;
(B) maintaining or servicing the consumer's account with the financial institution,
or with another entity as part of a private label credit card program or other
extension of credit on behalf of such entity; or
(C) a proposed or actual securitization, secondary market sale (including sales of
servicing rights), or similar transaction related to a transaction of the
consumer;
(2) with the consent or at the direction of the consumer;
(3)(A) to protect the confidentiality or security of the financial institution's
records pertaining to the consumer, the service or product, or the transaction
therein; (B) to protect against or prevent actual or potential fraud,
unauthorized transactions, claims, or other liability; (C) for required
institutional risk control, or for resolving customer disputes or inquiries; (D)
to persons holding a legal or beneficial interest relating to the consumer; or
(E) to persons acting in a fiduciary or representative capacity on behalf of the
consumer;
(4) to provide information to insurance rate advisory organizations, guaranty funds or
agencies, applicable rating agencies of the financial institution, persons
assessing the institution's compliance with industry standards, and the
institution's attorneys, accountants, and auditors;
(5) to the extent specifically permitted or required under other provisions of law and
in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et
seq.), to law enforcement agencies (including a Federal functional regulator,
the Secretary of the Treasury with respect to subchapter II of chapter 53 of
title 31, and chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951-1959), a
State insurance authority, or the Federal Trade Commission), self-regulatory
organizations, or for an investigation on a matter related to public safety;
(6)(A) to a consumer reporting agency in accordance with the Fair Credit Reporting Act
(15 U.S.C. 1681 et seq.), or (B) from a consumer report reported by a consumer
reporting agency;
(7) in connection with a proposed or actual sale, merger, transfer, or exchange of all
or a portion of a business or operating unit if the disclosure of nonpublic
personal information concerns solely consumers of such business or unit; or
(8) to comply with Federal, State, or local laws, rules, and other applicable legal
requirements; to comply with a properly authorized civil, criminal, or
regulatory investigation or subpoena or summons by Federal, State, or local
authorities; or to respond to judicial process or government regulatory
authorities having jurisdiction over the financial institution for examination,
compliance, or other purposes as authorized by law.
(Pub. L. 106-102, title V, Sec. 502, Nov. 12, 1999, 113 Stat. 1437.)