QUESTION
We would like to know how to handle nonpublic personal
information where our affiliates are involved. Do we both have the same
restrictions on disclosure?
ANSWER
A financial institution may disclose nonpublic personal information
(NPI) to its affiliates, but the affiliates are subject to the same
restrictions on reusing or re-disclosing the information as the originating
financial institution. [15 USC § 6802(c)]
The Gramm-Leach-Bliley Act (GLBA) defines an “affiliate” as
“any company that controls, is controlled by, or is under common control with
another company.” [15 USC § 6809(6)]
Subject to certain exceptions, GLBA prohibits disclosure of
a consumer’s NPI to non-affiliates unless the disclosing financial institution
has given the consumer a privacy notice and an opt-out notice, along with a
reasonable opportunity to opt out, and the consumer does not opt out of the
information sharing with non-affiliates. [16 CFR § 313.10]
The exceptions where financial institutions may share NPI
with certain non-affiliated third parties without having to comply with the
privacy notice and opt-out requirements are:
1. Administering
or enforcing transactions authorized by the consumer;
2. Effectuating
transactions with the consent of the consumer;
3. Protecting
the confidentiality of the financial institution’s records;
4. Providing
information to rating agencies;
5. Disclosing
data to law enforcement agencies to the extent required;
6. Providing
information to consumer reporting agencies as delineated in FCRA; and
7. Complying
with all federal, state or local laws or regulations.
[15 USC § 6802(e); 16 CFR §§ 313.14, 313.15]
Mention
also should be given to the condition where an exemption is allowed for the
opt-out requirements, but not the notice requirements. This condition exists
for entities that market the financial institution’s products and services, and
products or services “offered pursuant to joint agreements between two or more
financial institutions.”
[15
USC § 6802(b)(2); 16 CFR § 313.13]
Jonathan
Foxx
President
& Managing Director
Lenders Compliance Group
