Download Exceptions to Privacy Rule for Sharing Consumers' Financial Info: Joint Agreements, Proces and more Study notes Marketing in PDF only on Docsity!
PRIVACY OF CONSUMERS'
FINANCIAL INFORMATION
PART 8
EXCEPTIONS TO THE RULE
RE S O U R C E S P R O V I D E D T HR O U G H
AP R I L 2001
Slides Narration
Earlier presentations in this series covered various definitions and notification requirements in the privacy regulation.
This presentation outlines some exceptions set forth in the reg. These exceptions relate to the provision in the regulation that permits a bank to share information with nonaffiliated third parties.
Specifically, we'll look at three types of exceptions:
- Exceptions for joint agreements, as defined in section thirteen, - Exceptions for processing and servicing, as defined in section fourteen, and - Other exceptions, as defined in section fifteen. At any point, you can pause this presentation and open a PDF file of any of these three sections. Just click on the document title shown on the right side of your screen.
Then in the next presentation, we'll discuss some of the limits the regulation puts on an organization's reuse of nonpublic personal information.
The first exception relates to opt out rights outlined in section 13 of the regulation. This exception applies to banks that have contractual agreements with a nonaffiliated third part to perform services for the institution.
These services may include marketing of the bank's own products or marketing of financial products offered under a joint agreement between the bank and another financial institution.
As defined in the privacy regulation, a joint agreement is a written contract between a bank and one or more financial institutions to jointly offer, endorse, or sponsor a financial product or a fina ncial service.
The intent of section thirteen is to allow small banks, which are not part of a holding company and have no affiliates, the opportunity to offer some of the products and/or services that larger banks can provide their customers without involving nonaffiliated third parties.
This type of joint marketing/servicing arrangement is acceptable under privacy regulations as long as the bank includes information about such disclosures in its privacy notices,
and the two financial institutions ent er into a contractual, confidentiality agreement.
While consumers and customers cannot opt out of this type of information sharing, they must receive an initial notice that describes joint marketing agreements
The contractual confidentiality agreement must limit the financial institution's right to use the information the bank shares. The third party may use nonpublic personal information that it obtains only for marketing the particular product or service that is covered in the agreement. For example, if the joint agreement was to offer life insurance, the financial institution would not have the legal right to use the customer list to sell supplemental health insurance.
The second type of exception, defined in section fourteen, relates to processing and servicing of transactions.
Section fourteen states that an initial and opt out notice is not required when information sharing is "necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with:
- Servicing or processing a financial product or service that a consumer requests or authorizes; - Maintaining or servicing the consumer’s account with you or with another entity as part of a private-label credit -card program or other extension of credit on behalf of such entity; or - A proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer"
An example of maintaining or servicing the consumer’s account
is a bank that hires a mail order house to send out bank statements.
A common example of secondary market sales covered under section fourteen
wou ld be a case in which a bank sells the servicing rights to a customer's home-loan mortgage. In such cases, the bank would have the right to share the customer's nonpublic personal information freely with the entity that bought the servicing rights.
While section fourteen covers general processing and servicing transactions, section fifteen details several exceptions for specific organizations and situations.
Let's look at a few examples here, that do not provide an opportunity for opt out.
One except ion under section fifteen allows banks to share nonpublic personal information at the consent or direction of a consumer.
Sharing of information is also allowed when it's done to protect the security of records, prevent fraud, or to resolve consumer disput es.
They can also share with Federal, state, and local agencies to protect public safety, in relation to laws (such as the Fair Credit Reporting Act and consumer -prot ection legislation), or in meeting civil, criminal, or regulatory investigations, when properly authorized through actions such as subpoenas and summons.
Exceptions for certain business transactions such as sales and mergers are also outlined in section fifteen.
Again, you can review a detailed list of the exceptions listed in this section by in opening the PDF file.
In this presentation, we've discussed three sections of the regulation that define exceptions to the rule— instances in which banks ca n, in fact, share their customers' nonpublic personal information with nonaffiliated third parties.
The next presentation covers some of the limits the regulation sets on how those nonaffiliated third parties can reuse the nonpublic personal information they receive.
