Many companies you do business with are required to give you privacy notices that explain their information-sharing practices. In turn, you have the right to limit some — but not all — sharing of your information. The law balances your right to privacy with a company’s need to provide information for normal business purposes.
Privacy Notices 101
Privacy notices explain what personal financial information a company collects; whether the company intends to share your personal financial information with other companies; what you can do to limit some of that sharing; and how the company protects your personal financial information.
Companies involved in financial activities that must send their customers privacy notices include:
- banks, savings and loans, and credit unions
- insurance companies
- securities and commodities brokerage firms
- retailers that issue their own credit cards (like department stores or gas stations)
- mortgage brokers
- automobile dealerships that extend or arrange financing or leasing
- check cashers and payday lenders
- financial advisors and credit counseling services
- companies that sell money orders or travelers checks
Financial companies share information for many reasons: to offer you more services, to introduce new products, and to profit from the information they have about you. If you want to know about other products and services, you may want your financial company to share your personal financial information; in this case, you don’t need to respond to the privacy notice. If you prefer to limit the promotions you receive — or you don’t want marketers and others to have your personal financial information — you must take some important steps.
The bottom line is that it’s important to read these privacy notices. They explain how a company handles and shares your personal financial information. Not all privacy notices are the same.
What You Can and Can’t Stop
You have the right to opt out of some information sharing with companies that are not part of the same corporate group as your financial company (non-affiliates). If the information being shared comes from your credit report, you also have the right to opt out of such sharing with companies affiliated with your financial company. Financial companies can share certain types of information about you without giving you the right to opt out. For example, your financial company can provide to non-affiliates without providing an opt-out:
- information about you to firms that help promote and market the company’s own products or products offered under a joint agreement between two financial companies
- records of your transactions — like your loan payments, credit card or debit card purchases, and checking and savings account statements — to firms that provide data processing and mailing services for your company
- information about you in response to a court order
- your payment history on loans and credit cards to credit reporting companies
Opting Out Means
If you opt out, you limit the extent to which the company can provide your personal financial information. If you don’t opt out within a “reasonable period of time” — generally about 30 days after the company mails you the notice — then the company is free to share certain personal financial information. If you didn’t opt out the first time you received a privacy notice from a financial company, it’s not too late. You can always change your mind and opt out of certain information sharing. Ask your financial company for instructions on how to opt out. But remember, any personal financial information that was shared before you opted out cannot be retrieved.
Your Right to Opt Out
A privacy notice contains information about the company’s data collection and information sharing policies. If a financial company doesn’t plan to share your information except as allowed by law, the notice will say so. In this instance, you don’t have a right to opt out.
Non-affiliates. If the company plans to share your information with a non-affiliate, you have the right to opt out in most circumstances. The privacy notice will include instructions on how to opt out. Unless you opt out, your financial company can share your personal financial information (for example, information on the kinds of stores you shop at, how much you borrow, your account balances, or the dollar value of your assets) to non-affiliates for marketing and other purposes. There are some types of information sharing that you cannot opt out of, however. For example, you cannot opt out if the company is sharing your information in order to market its own products or services, or if the company is reporting your information to credit reporting companies.
Affiliates. If the company plans to share information from your credit report with an affiliate, you have a right to opt out. Read your notices carefully to see if this type of opt out applies. Companies can, however, share information about you with affiliates when the information is based solely on your transactions with that company, including whether you pay your bills on time and the type of accounts you have with the company.
If you want to opt out of information sharing, you must follow the directions provided by your financial company. For example, you may have to call a toll-free number or fill out a form and return the form to the company.
In some cases, your financial company may give you the choice to opt out of different types of sharing. For example, you could opt out of certain categories of information the company provides to other companies but allow the company to share other kinds of information.
Credit reporting companies also may sell information about you to lenders and insurers who use the information to decide whether to send you unsolicited offers of credit or insurance. This is known as prescreening. You can opt out of receiving prescreened offers by calling 1-888-567-8688.
Types of Privacy Notices
The Initial Privacy Notice. Usually, you will get a privacy notice when you become a customer of a financial company. If you open an account by phone, however, and you agree, the company may send you a notice later.
A privacy notice may be included as an insert with your monthly statement or bill, or it may be sent to you separately. If you agree to electronic delivery from an on-line financial company, the notice may be sent to you via e-mail or made available to you on the company’s website.
If you have more than one account with the same company, you may get only one privacy notice for all your accounts, or separate notices for each account.
If you have a joint account, the financial company may send a notice to one of you or to each person listed on the account. If the company offers an opportunity to opt out, it must let one of the account holders opt out for all parties on the account. You may request separate notices, however.
For More Information and Complaints
Board of Governors of the Federal Reserve System
Regulates state-chartered banks that are members of the Federal Reserve System, bank holding companies, and branches of foreign banks
Division of Consumer and Community Affairs, Stop 801
20th and C Streets, NW
Washington, DC 20551
Commodity Futures Trading Commission
Regulates commodity brokers, commodity trading advisors, commodity pools, and introducing brokers
Privacy Officer, Office of Chief Counsel
Division of Trading and Markets
Three Lafayette Center
1155 21st Street, NW
Washington, DC 20581
Federal Deposit Insurance Corporation
Regulates state-chartered banks that are not members of the Federal Reserve System
Division of Compliance and Consumer Affairs
550 17th Street, NW
Washington, DC 20429
877-ASK-FDIC or 877-275-3342 toll-free
Federal Trade Commission
Regulates any financial company not covered by the other federal regulators, like mortgage brokers, tax and investment services, finance companies, credit reporting companies, nonbank lenders, auto dealers, leasing companies, appraisers, real estate settlement services, credit counseling services, and collection agency services
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
877-FTC-HELP or 877-382-4357 toll-free
National Credit Union Administration
Regulates federally chartered credit unions
Office of Public and Congressional Affairs
1775 Duke Street
Alexandria, VA 22314-3428
Office of the Comptroller of the Currency
Regulates national banks, District of Columbia banks, federal branches and federal agencies of foreign banks, and subsidiaries of such entities. These typically include banks with “national” or “N.A.” in their names.
Customer Assistance Group
1301 McKinney Street
Houston, TX 77010
Office of Thrift Supervision
Regulates federal savings and loan associations and federal savings banks
1700 G Street, NW
Washington, DC 20552
Securities and Exchange Commission
Regulates brokerage firms, mutual fund companies, and investment advisors
Office of Investor Education and Assistance
450 5th Street, NW
Washington, DC 20549-0213
Laws Affecting Your Personal Financial Privacy
Two federal laws cover different aspects of how companies can share your financial information: the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA).
Fair Credit Reporting Act (FCRA)
The FCRA protects the privacy of certain information distributed by consumer reporting companies, which gather and sell information about you, like where you live, how you pay your bills, and whether you’ve been sued or arrested, or have filed for bankruptcy. Under the law, consumer reporting companies can release your information only to third parties that have a permissible purpose to obtain it, like creditors, insurers, employers, and other businesses that use it to evaluate your applications for credit, insurance, employment, or renting a home. When a financial company gets your credit report, it may want to share that information with an affiliate — a company that owns your financial company, that your financial company owns, or that is part of the same parent organization or corporate family. Under the FCRA, however, if the financial company plans to share certain information — for example, from your credit report or your credit application — with its affiliates, it will usually first notify you and give you an opportunity to opt out. This notice is likely to be included in the privacy notice you get from the financial company under the GLBA.
Gramm-Leach-Bliley Act (GLBA)
Under the GLBA, financial companies must tell you about their policies regarding the privacy of your personal financial information. With some exceptions, the law limits the ability of financial companies to share your personal financial information with certain non-affiliates without first notifying you about the sharing and providing you with an opportunity to opt out. A non-affiliate is a company that is unrelated to your financial company.
Under the GLBA, your financial company can provide your personal financial information to certain non-affiliated companies, including service providers and joint marketers — companies that have an agreement with your financial company to offer you other financial products or services — without providing you with an opportunity to opt out. But before it shares your information with other third-party non-affiliates, your financial company must tell you about its information sharing practices and give you the opportunity to opt out.