- § 6801. Protection of nonpublic personal information
- § 6802. Obligations with respect to disclosures of personal information
- § 6804. Rulemaking
- § 6805. Enforcement
- § 6806. Relation to other provisions
- § 6807. Relation to State laws
- § 6808. Study of information sharing among financial affiliates
- § 6809. Definitions
It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.
Except as otherwise provided in this subchapter, a financial institution may not, directly or through any affiliate, disclose to a nonaffiliated third party any nonpublic personal information, unless such financial institution provides or has provided to the consumer a notice that complies with section 6803 of this title.
This subsection shall not prevent a financial institution from providing nonpublic personal information to a nonaffiliated third party to perform services for or functions on behalf of the financial institution, including marketing of the financial institution’s own products or services, or financial products or services offered pursuant to joint agreements between two or more financial institutions that comply with the requirements imposed by the regulations prescribed under section 6804 of this title, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.
Except as otherwise provided in this subchapter, a nonaffiliated third party that receives from a financial institution nonpublic personal information under this section shall not, directly or through an affiliate of such receiving third party, disclose such information to any other person that is a nonaffiliated third party of both the financial institution and such receiving third party, unless such disclosure would be lawful if made directly to such other person by the financial institution.
A financial institution shall not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.
Disclosures required by subsection (a) shall be made in accordance with the regulations prescribed under section 6804 of this title.
Nothing in this subsection shall be construed to exempt or otherwise exclude any financial institution that is affiliated or becomes affiliated with a certified public accountant described in paragraph (1) from any provision of this section.
For purposes of this subsection, the term “State” means any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Trust Territory of the Pacific Islands, the Virgin Islands, or the Northern Mariana Islands.
The agencies referred to in section 6804(a)(1) of this title shall jointly develop a model form which may be used, at the option of the financial institution, for the provision of disclosures under this section.
A model form required to be developed by this subsection shall be issued in proposed form for public comment not later than 180 days after October 13, 2006.
Any financial institution that elects to provide the model form developed by the agencies under this subsection shall be deemed to be in compliance with the disclosures required under this section.
Except as provided in subparagraph (C), the Bureau of Consumer Financial Protection and the Securities and Exchange Commission shall have authority to prescribe such regulations as may be necessary to carry out the purposes of this subchapter with respect to financial institutions and other persons subject to their respective jurisdiction under section 6805 of this title (and notwithstanding subtitle B of the Consumer Financial Protection Act of 2010 [12 U.S.C. 5511 et seq.]), except that the Bureau of Consumer Financial Protection shall not have authority to prescribe regulations with respect to the standards under section 6801 of this title.
The Commodity Futures Trading Commission shall have authority to prescribe such regulations as may be necessary to carry out the purposes of this subchapter with respect to financial institutions and other persons subject to the jurisdiction of the Commodity Futures Trading Commission under section 7b–2 of title 7.
Notwithstanding the authority of the Bureau of Consumer Financial Protection under subparagraph (A), the Federal Trade Commission shall have authority to prescribe such regulations as may be necessary to carry out the purposes of this subchapter with respect to any financial institution that is a person described in section 1029(a) of the Consumer Financial Protection Act of 2010 [12 U.S.C. 5519(a)].
Nothing in this paragraph shall be construed to alter, affect, or otherwise limit the authority of a State insurance authority to adopt regulations to carry out this subchapter.
Each of the agencies authorized under paragraph (1) to prescribe regulations shall consult and coordinate with the other such agencies and, as appropriate, and with 1
Such regulations shall be prescribed in accordance with applicable requirements of title 5.
The regulations prescribed under subsection (a) may include such additional exceptions to subsections (a) through (d) of section 6802 of this title as are deemed consistent with the purposes of this subchapter.
Except as provided in paragraph (2), the agencies and authorities described in subsection (a), other than the Bureau of Consumer Financial Protection, shall implement the standards prescribed under section 6801(b) of this title in the same manner, to the extent practicable, as standards prescribed pursuant to section 1831p–1(a) of title 12 are implemented pursuant to such section.
The agencies and authorities described in paragraphs (3), (4), (5), (6), and (7) of subsection (a) shall implement the standards prescribed under section 6801(b) of this title by rule with respect to the financial institutions and other persons subject to their respective jurisdictions under subsection (a).
If a State insurance authority fails to adopt regulations to carry out this subchapter, such State shall not be eligible to override, pursuant to section 1831x(g)(2)(B)(iii) of title 12, the insurance customer protection regulations prescribed by a Federal banking agency under section 1831x(a) of title 12.
The terms used in subsection (a)(1) that are not defined in this subchapter or otherwise defined in section 1813(s) of title 12 shall have the same meaning as given in section 3101 of title 12.
Except for the amendments made by subsections (a) and (b), nothing in this chapter shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act [15 U.S.C. 1681 et seq.], and no inference shall be drawn on the basis of the provisions of this chapter regarding whether information is transaction or experience information under section 603 of such Act [15 U.S.C. 1681a].
This subchapter and the amendments made by this subchapter shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such statute, regulation, order, or interpretation is inconsistent with the provisions of this subchapter, and then only to the extent of the inconsistency.
For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this subchapter if the protection such statute, regulation, order, or interpretation affords any person is greater than the protection provided under this subchapter and the amendments made by this subchapter, as determined by the Bureau of Consumer Financial Protection, after consultation with the agency or authority with jurisdiction under section 6805(a) of this title of either the person that initiated the complaint or that is the subject of the complaint, on its own motion or upon the petition of any interested party.
The Secretary shall consult with representatives of State insurance authorities designated by the National Association of Insurance Commissioners, and also with financial services industry, consumer organizations and privacy groups, and other representatives of the general public, in formulating and conducting the study required by subsection (a).
On or before January 1, 2002, the Secretary shall submit a report to the Congress containing the findings and conclusions of the study required under subsection (a), together with such recommendations for legislative or administrative action as may be appropriate.
The term “Federal banking agency” has the same meaning as given in section 1813 of title 12.
The term “financial institution” means any institution the business of which is engaging in financial activities as described in section 1843(k) of title 12.
Notwithstanding subparagraph (A), the term “financial institution” does not include any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act [7 U.S.C. 1 et seq.].
Notwithstanding subparagraph (A), the term “financial institution” does not include the Federal Agricultural Mortgage Corporation or any entity chartered and operating under the Farm Credit Act of 1971 [12 U.S.C. 2001 et seq.].
Notwithstanding subparagraph (A), the term “financial institution” does not include institutions chartered by Congress specifically to engage in transactions described in section 6802(e)(1)(C) of this title, as long as such institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.
The term “nonaffiliated third party” means any entity that is not an affiliate of, or related by common ownership or affiliated by corporate control with, the financial institution, but does not include a joint employee of such institution.
The term “affiliate” means any company that controls, is controlled by, or is under common control with another company.
The term “State insurance authority” means, in the case of any person engaged in providing insurance, the State insurance authority of the State in which the person is domiciled.
The term “consumer” means an individual who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes, and also means the legal representative of such an individual.
The term “time of establishing a customer relationship” shall be defined by the regulations prescribed under section 6804 of this title, and shall, in the case of a financial institution engaged in extending credit directly to consumers to finance purchases of goods or services, mean the time of establishing the credit relationship with the consumer.