Sharing Information With Affiliates and Third Parties

Understand the detailed regulations and exceptions for sharing customer information with affiliates and third parties. Learn why, how, and when information is shared, and customers' opt-out options. Stay compliant with GLBA and FCRA requirements.

friedab
Presentation Transcript


  1. Sharing Information With Affiliates and Third Parties
     F. Jay Meyer, Vice President & Senior Counsel, TD Bank, N.A., Portland, Maine

  2. Why Share Information?
     • To Conduct Customer Transactions
       • With Service Providers or Third Parties
     • To Conduct Your Own Business
       • With Attorneys, Auditors or Credit Agencies
     • To Market Products and Services
       • With Affiliates, Marketing Service Providers, Joint Marketing Partners or Third Parties
     • To Satisfy a Legal Requirement
       • With Regulators, Law Enforcement or Litigants

  3. Do Customers Have a Choice?
     • Gramm-Leach-Bliley and Regulation P
     • Routine or Required Sharing With No Opt Out
     • Affiliate Sharing With No Opt Out
     • Some Nonaffiliate Sharing Requires Opt Out
     • Fair Credit Reporting Act
     • Some Affiliate Sharing Requires Opt Out
     • Some Affiliate Use of Shared Information to Market Requires Opt Out
     • Notice of Privacy Policies
     • Opt Out: Chance to Opt Out After Notice

  4. GLBA/Regulation P: Definitions
     • Financial Institution
     • Consumer
     • Customer
     • Nonpublic Personal Information
     • Affiliate
     • Nonaffiliated Third Party
     Sources: 15 U.S.C. § 6809, 12 CFR 216.3

  5. Processing and Servicing Transactions: 12 CFR 216.14
     No Opt Out Required for:
     • Processing Requested Transactions
     • Servicing Accounts or Loans
     • Insurance Underwriting and Administration
     • Enforcing Transactions
     • Auditing Transactions
     • Secondary Market Sales or Securitization
     • Transfer of Receivables or Accounts

  6. Other Uses With No Opt Out: 12 CFR 216.15
     No Opt Out Required for Sharing That Is:
     • With Consumer Consent
     • To Prevent Fraud
     • To Resolve Disputes
     • To Authorized Consumer Representatives
     • To Attorneys or Accountants
     • To Consumer Reporting Agencies
     • Compulsory (e.g., Subpoena, Regulator)
     • For a Merger or Acquisition

  7. Service Providers and Joint Marketing: 12 CFR 216.13
     No Opt Out Required for Sharing With:
     • Nonaffiliates Performing Services for the Financial Institution
     • Financial Institution’s Marketing Providers
     • Financial Institutions Jointly Marketing Financial Products or Services by Contract
     Account Number Sharing for Marketing Is Restricted by 12 CFR 216.12

  8. Oversight of Service Providers
     • Security Program Must Include Oversight of Service Providers: Due Diligence, Contractual Safeguards and Monitoring
     • Service Provider Contracts Under 12 CFR 216.13 Must Prohibit Use or Disclosure of Information for Other Purposes
     Sources: Interagency Guidelines Establishing Information Security Standards, 12 CFR pts. 30 app. B(III)(D), 208 app. D-2(III)(D); 12 CFR 216.13(a)(ii)

  9. Nonaffiliate Sharing Requires Opt Out Unless Excepted
     Except as authorized by Regulation P, a Financial Institution may not disclose Nonpublic Personal Information to a nonaffiliate without notice and a reasonable opportunity to opt out.
     • Examples:
       • Marketing of Non-Financial Products
       • Marketing of Financial Products Unless Jointly Offered, Endorsed or Sponsored

  10. GLBA Privacy Notices
     • Notices Must Describe Collection, Use and Sharing of Nonpublic Personal Information
     • Customers Must Receive Initial, Annual and Revised Privacy Notices
     • Consumers Must Receive Notice Before Non-Routine, Non-Compulsory Disclosure
     • Simplified Notices Permitted for Consumers, or if Disclosure is Limited to Routine or Compulsory Exceptions

  11. GLBA Opt Out Notices
     If Required, Opt Out Notices Must State:
     • That Nonpublic Personal Information May Be Disclosed to a Nonaffiliate
     • The Consumer has a Right to Opt Out
     • A Reasonable Means to Opt Out
     Reasonable Means May Include a Reply Form, a Toll-Free Telephone Number, or Electronic Means (If the Consumer Agrees)

  12. Honoring GLBA Opt Outs
     • Opt Out May Be Exercised at Any Time
     • Opt Out May Be Partial
     • No Further Disclosure Subject to Opt Out
     • Financial Institution Must Comply With Opt Out As Soon As Reasonably Practicable
     • Opt Out Is Effective Until Revoked
     • Opt Out Continues for Customer Relationship After Relationship Terminates

  13. FCRA Sharing and Marketing
     • Regulates Sharing and Use of Consumer Credit Information (“Consumer Reports”)
     • Some “Transaction or Experience” Sharing With Affiliates or Nonaffiliates Is Excepted
     • Affiliates May Share “Other Information” With Notice and Opportunity to Opt Out
     • FACTA Requires Opt Out for Marketing Use of Information Shared By Affiliates
     Sources: 15 U.S.C. §§ 603(d)(1)-(2)(A), 624(a)

  14. FCRA Affiliate Sharing Opt Out
     • Affiliates May Share Consumer Report Information Beyond Transactions or Experiences Only With Notice and Opt Out
     • Transactions or Experiences Include Balances, Histories, Some Opinions
     • Sharing Opt Out Is Distinct From, and Predates, Marketing Use Opt Out
     • No Specific Regulation, but May Be Combined With Marketing Use Opt Out

  15. FCRA Marketing Use Opt Out
     • Required for Affiliates to Use Shared “Eligibility Information” for Marketing
     • Must Provide Reasonable Opportunity and Means to Opt Out (e.g., Mail, Telephone, or Electronic if Agreed, as with GLBA)
     • Not Required Annually; Can Be Combined
     • Effective for at Least 5 Years, Can Permit Longer or Indefinitely Until Revoked
     • After Expiration, Renewal Notice Required

  16. FCRA Opt Out Exceptions
     • Marketing to Preexisting Customers
     • Marketing on Behalf of an Affiliate If That Affiliate Could Conduct the Marketing
     • Responding to Requests or Inquiries
     • Marketing With Information Shared Prior to October 1, 2008 (the Compliance Date)

  17. ANY QUESTIONS?