Home > News & Events > Inactive Financial Institution Letters




Inactive Financial Institution Letters

Privacy of Consumer Financial Information

Back To FIL-46-2001 Modules 1 - 6

SUBPART A

Initial Privacy Notice
Yes No
Yes

No

  1. Does the institution provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to all customers not later than when the customer relationship is established, other than as allowed in paragraph (e) of section four (4) of the regulation? [§4(a)(1))]


  2. (Note: no notice is required if nonpublic personal information is disclosed to nonaffiliated third parties only under an exception in Sections 14 and 15, and there is no customer relationship. [§4(b)] With respect to credit relationships, an institution establishes a customer relationship when it originates a consumer loan. If the institution subsequently sells the servicing rights to the loan to another financial institution, the customer relationship transfers with the servicing rights. [§4(c)])


Yes No
  1. Does the institution provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to all consumers, who are not customers, before any nonpublic personal information about the consumer is disclosed to a nonaffiliated third party, other than under an exception in §§14 or 15? [§4(a)(2)]


Yes No
  1. Does the institution provide to existing customers, who obtain a new financial product or service, an initial privacy notice that covers the customer's new financial product or service, if the most recent notice provided to the customer was not accurate with respect to the new financial product or service? [§4(d)(1)]


Yes No
  1. Does the institution provide initial notice after establishing a customer relationship only if:
Yes No
    1. the customer relationship is not established at the customer's election; [§4(e)(1)(i)] or
Yes No
    1. to do otherwise would substantially delay the customer's transaction (e.g. in the case of a telephone application), and the customer agrees to the subsequent delivery? [§4 (e)(1)(ii)]


Yes No
  1. When the subsequent delivery of a privacy notice is permitted, does the institution provide notice after establishing a customer relationship within a reasonable time? [§4(e)]


Annual Privacy Notice
Yes No
Yes

No

  1. Does the institution provide a clear and conspicuous notice that accurately reflects its privacy policies and practices at least annually (that is, at least once in any period of 12 consecutive months) to all customers, throughout the customer relationship? [§5(a)(1)and (2)]


  2. (Note: annual notices are not required for former customers. [§5(b)(1)and (2)])


Yes No
  1. Does the institution provide an annual privacy notice to each customer whose loan the institution owns the right to service? [5(c), 4(c)(2)]


Content of Privacy Notices
Yes No
Yes No
  1. Do the initial, annual, and revised privacy notices include each of the following, as applicable:
Yes No
    1. the categories of nonpublic personal information that the institution collects; [§6(a)(1)]
Yes No
    1. the categories of nonpublic personal information that the institution discloses; [§6(a)(2)]
Yes No
    1. the categories of affiliates and nonaffiliated third parties to whom the institution discloses nonpublic personal information, other than parties to whom information is disclosed under an exception in §14 or §15; [§6(a)(3)]
Yes No
    1. the categories of nonpublic personal information disclosed about former customers, and the categories of affiliates and nonaffiliated third parties to whom the institution discloses that information, other than those parties to whom the institution discloses information under an exception in §14 or §15; [§6(a)(4)]
Yes No
    1. if the institution discloses nonpublic personal information to a nonaffiliated third party under §13, and no exception under §14 or §15 applies, a separate statement of the categories of information the institution discloses and the categories of third parties with whom the institution has contracted; [§6(a)(5)]
Yes No
    1. an explanation of the opt out right, including the method(s) of opt out that the consumer can use at the time of the notice; [§6(a)(6)]
Yes No
    1. any disclosures that the institution makes under §603(d)(2)(A)(iii) of the Fair Credit Reporting Act (FCRA); [§6(a)(7)]
Yes No
    1. the institution's policies and practices with respect to protecting the confidentiality and security of nonpublic personal information; [§6(a)(8)] and
Yes No
    1. a general statement--with no specific reference to the exceptions or to the third parties--that the institution makes disclosures to other nonaffiliated third parties as permitted by law? [6(a)(9), (b)]

(Note: sample clauses for these items appear in Appendix A of the Regulation.)


Yes No
  1. Does the institution list the following categories of nonpublic personal information that it collects, as applicable:
Yes No
    1. information from the consumer; [§6(c)(1)(i)]
Yes No
    1. information about the consumer's transactions with the institution or its affiliates; [§6(c)(1)(ii)]
Yes No
    1. information about the consumer's transactions with nonaffiliated third parties; [§6(c)(1)(iii)] and
Yes No
    1. information from a consumer reporting agency? [§6(c)(1)(iv)]


Yes No
  1. Does the institution list the following categories of nonpublic personal information that it discloses, as applicable, and a few examples of each, or alternatively state that it reserves the right to disclose all the nonpublic personal information that it collects:
Yes No
    1. information from the consumer;
Yes No
    1. information about the consumer's transactions with the institution or its affiliates;
Yes No
    1. information about the consumer's transactions with nonaffiliated third parties; and
Yes No
    1. information from a consumer reporting agency? [§6(c)(2)]

(Note: examples are recommended under 6(c)(2) although not under §6(c)(1).)


Yes No
  1. Does the institution list the following categories of affiliates and nonaffiliated third parties to whom it discloses information, as applicable, and a few examples to illustrate the types of the third parties in each category:
Yes No
    1. financial service providers; [§6(c)(3)(i)]
Yes No
    1. non-financial companies; [§6(c)(3)(ii)] and
Yes No
    1. others? [§6(c)(3)(iii)]


Yes No
  1. Does the institution make the following disclosures regarding service providers and joint marketers to whom it discloses nonpublic personal information under §13:
Yes No
    1. as applicable, the same categories and examples of nonpublic personal information disclosed as described in paragraphs (a)(2) and (c)(2) of section six (6) (see questions 8b and 10); and [§6(c)(4)(i)]
Yes No
    1. that the third party is a service provider that performs marketing on the institution's behalf or on behalf of the institution and another financial institution; [§6(c)(4)(ii)(A)] or
Yes No
    1. that the third party is a financial institution with which the institution has a joint marketing agreement? [§6(c)(4)(ii)(B)]


Yes No
  1. If the institution does not disclose nonpublic personal information, and does not reserve the right to do so, other than under exceptions in §14 and §15, does the institution provide a simplified privacy notice that contains at a minimum:
Yes No
    1. a statement to this effect;
Yes No
    1. the categories of nonpublic personal information it collects;
Yes No
    1. the policies and practices the institution uses to protect the confidentiality and security of nonpublic personal information; and
Yes No
    1. a general statement that the institution makes disclosures to other nonaffiliated third parties as permitted by law? [§6(c)(5)]

(Note: use of this type of simplified notice is optional; an institution may always use a full notice.)


Yes No
  1. Does the institution describe the following about its policies and practices with respect to protecting the confidentiality and security of nonpublic personal information:
Yes No
    1. who is authorized to have access to the information; and [§6(c)(6)(i)]
Yes No
    1. whether security practices and policies are in place to ensure the confidentiality of the information in accordance with the institution's policy? [§6(c)(6)(ii)]

(Note: the institution is not required to describe technical information about the safeguards used in this respect.)


Yes No
  1. If the institution provides a short-form initial privacy notice with the opt out notice, does the institution do so only to consumers with whom the institution does not have a customer relationship? [§6(d)(1)]


Yes No
  1. If the institution provides a short-form initial privacy notice according to §6(d)(1), does the short-form initial notice:
Yes No
    1. conform to the definition of "clear and conspicuous"; [§6(d)(2)(i)]
Yes No
    1. state that the institution's full privacy notice is available upon request; [§6(d)(2)(ii)] and
Yes No
    1. explain a reasonable means by which the consumer may obtain the notice? [§6(d)(2)(iii)]

(Note: the institution is not required to deliver the full privacy notice with the short-form initial notice. [§6(d)(3)])


Yes No
  1. Does the institution provide consumers who receive the short-form initial notice with a reasonable means of obtaining the longer initial notice, such as:
Yes No
    1. a toll-free telephone number that the consumer may call to request the notice; [§6(d)(4)(i)] or
Yes No
    1. for the consumer who conducts business in person at the institution's office, having copies available to provide immediately by hand-delivery? [§6(d)(4)(ii)]


Yes No
  1. If the institution, in its privacy policies, reserves the right to disclose nonpublic personal information to nonaffiliated third parties in the future, does the privacy notice include, as applicable, the:
Yes No
    1. categories of nonpublic personal information that the financial institution reserves the right to disclose in the future, but does not currently disclose; [§6(e)(1)] and
Yes No
    1. categories of affiliates or nonaffiliated third parties to whom the financial institution reserves the right in the future to disclose, but to whom it does not currently disclose, nonpublic personal information? [§6(e)(2)]


Opt Out Notice
Yes No
Yes No
  1. If the institution discloses nonpublic personal information about a consumer to a nonaffiliated third party, and the exceptions under §§13-15 do not apply, does the institution provide the consumer with a clear and conspicuous opt out notice that accurately explains the right to opt out? [§7(a)(1)]


Yes No
  1. Does the opt out notice state:
Yes No
    1. that the institution discloses or reserves the right to disclose nonpublic personal information about the consumer to a nonaffiliated third party; [§7(a)(1)(i)]
Yes No
    1. that the consumer has the right to opt out of that disclosure; [§7(a)(1)(ii)] and
Yes No
    1. a reasonable means by which the consumer may opt out? [§7(a)(1)(iii)]


Yes No
  1. Does the institution provide the consumer with the following information about the right to opt out:
Yes No
    1. all the categories of nonpublic personal information that the institution discloses or reserves the right to disclose; [§7(a)(2)(i)(A)]
Yes No
    1. all the categories of nonaffiliated third parties to whom the information is disclosed; [§7(a)(2)(i)(A)];
Yes No
    1. that the consumer has the right to opt out of the disclosure of that information; [§7(a)(2)(i)(A)] and
Yes No
    1. the financial products or services that the consumer obtains to which the opt out direction would apply? [§7(a)(2)(i)(B)]


Yes No
  1. Does the institution provide the consumer with at least one of the following reasonable means of opting out, or with another reasonable means:
Yes No
    1. check-off boxes prominently displayed on the relevant forms with the opt out notice; [§7(a)(2)(ii)(A)]
Yes No
    1. a reply form included with the opt out notice; [§7(a)(2)(ii)(B)]
Yes No
    1. an electronic means to opt out, such as a form that can be sent via electronic mail or a process at the institution's web site, if the consumer agrees to the electronic delivery of information; [§7(a)(2)(ii)(C)] or
Yes No
    1. a toll-free telephone number? [§7(a)(2)(ii)(D)]

(Note: the institution may require the consumer to use one specific means, as long as that means is reasonable for that consumer. [§7(a)(iv)])


Yes No
  1. If the institution delivers the opt out notice after the initial notice, does the institution provide the initial notice once again with the opt out notice? [§7(c)]


Yes No
  1. Does the institution provide an opt out notice, explaining how the institution will treat opt out directions by the joint consumers, to at least one party in a joint consumer relationship? [§7(d)(1)]


Yes No
  1. Does the institution permit each of the joint consumers in a joint relationship to opt out? [§7(d)(2)]


Yes No
  1. Does the opt out notice to joint consumers state that either:
Yes No
    1. the institution will consider an opt out by a joint consumer as applying to all associated joint consumers; [§7(d)(2)(i)] or
Yes No
    1. each joint consumer is permitted to opt out separately? [§7(d)(2)(ii)]


Yes No
  1. If each joint consumer may opt out separately, does the institution permit:
Yes No
    1. one joint consumer to opt out on behalf of all of the joint consumers; [§7(d)(3)]
Yes No
    1. the joint consumers to notify the institution in a single response; [§7(d)(5)] and
Yes No
    1. each joint consumer to opt out either for himself or herself, and/or for another joint consumer? [§7(d)(5)]


Yes No
  1. Does the institution refrain from requiring all joint consumers to opt out before implementing any opt out direction with respect to the joint account? [§7(d)(4)]


Yes No
  1. Does the institution comply with a consumer's direction to opt out as soon as is reasonably practicable after receiving it? [§7(e)]


Yes No
  1. Does the institution allow the consumer to opt out at any time? [§7(f)]


Yes No
  1. Does the institution continue to honor the consumer's opt out direction until revoked by the consumer in writing, or, if the consumer agrees, electronically? [§7(g)(1)]


Yes No
  1. When a customer relationship ends, does the institution continue to apply the customer's opt out direction to the nonpublic personal information collected during, or related to, that specific customer relationship (but not to new relationships, if any, subsequently established by that customer)? [§7(g)(2)]


Revised Notices
Yes No
Yes No
  1. Except as permitted by §§13-15, does the institution refrain from disclosing any nonpublic personal information about a consumer to a nonaffiliated third party, other than as described in the initial privacy notice provided to the consumer, unless:
Yes No
    1. the institution has provided the consumer with a clear and conspicuous revised notice that accurately describes the institution's privacy policies and practices; [§8(a)(1)]
Yes No
    1. the institution has provided the consumer with a new opt out notice; [§8(a)(2)]
Yes No
    1. the institution has given the consumer a reasonable opportunity to opt out of the disclosure, before disclosing any information; [§8(a)(3)] and
Yes No
    1. the consumer has not opted out? [§8(a)(4)]


Yes No
  1. Does the institution deliver a revised privacy notice when it:
Yes No
    1. discloses a new category of nonpublic personal information to a nonaffiliated third party; [§8(b)(1)(i)]
Yes No
    1. discloses nonpublic personal information to a new category of nonaffiliated third party; [§8(b)(1)(ii)] or
Yes No
    1. discloses nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure? [§8(b)(1)(iii)]

(Note: a revised notice is not required if the institution adequately described the nonaffiliated third party or information to be disclosed in the prior privacy notice. [8(b)(2)])


Delivery Methods
Yes No
Yes No
  1. Does the institution deliver the privacy and opt out notices, including the short-form notice, so that the consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically? [§9(a)]


Yes No
  1. Does the institution use a reasonable means for delivering the notices, such as:
Yes No
    1. hand-delivery of a printed copy; [§9(b)(1)(i)]
Yes No
    1. mailing a printed copy to the last known address of the consumer; [§9(b)(1)(ii)]
Yes No
    1. for the consumer who conducts transactions electronically, clearly and conspicuously posting the notice on the institution's electronic site and requiring the consumer to acknowledge receipt as a necessary step to obtaining a financial product or service; [§9(b)(1)(iii)] or
Yes No
    1. for isolated transactions, such as ATM transactions, posting the notice on the screen and requiring the consumer to acknowledge receipt as a necessary step to obtaining the financial product or service? [§9(b)(1)(iv)]

(Note: insufficient or unreasonable means of delivery include: exclusively oral notice, in person or by telephone; branch or office signs or generally published advertisements; and electronic mail to a customer who does not obtain products or services electronically. [§9 (b)(2)(i) and (ii), and (d)])


Yes No
  1. For annual notices only, if the institution does not employ one of the methods described in question 36, does the institution employ one of the following reasonable means of delivering the notice such as:
Yes No
    1. for the customer who uses the institution's web site to access products and services electronically and who agrees to receive notices at the web site, continuously posting the current privacy notice on the web site in a clear and conspicuous manner; [§9(c)(1)] or
Yes No
    1. for the customer who has requested the institution refrain from sending any information about the customer relationship, making copies of the current privacy notice available upon customer request? [§9(c)(2)]


Yes No
  1. For customers only, does the institution ensure that the initial, annual, and revised notices may be retained or obtained later by the customer in writing, or if the customer agrees, electronically? [§9(e)(1)]


Yes No
  1. Does the institution use an appropriate means to ensure that notices may be retained or obtained later, such as:
Yes No
    1. hand-delivery of a printed copy of the notice; [§9(e)(2)(i)]
Yes No
    1. mailing a printed copy to the last known address of the customer; [§9(e)(2)(ii)] or
Yes No
    1. making the current privacy notice available on the institution's web site (or via a link to the notice at another site) for the customer who agrees to receive the notice at the web site? [§9(e)(2)(iii)]


Yes No
  1. Does the institution provide at least one initial, annual, and revised notice, as applicable, to joint consumers? [§9(g)]



SUBPART B

Limits on Disclosure to Nonaffiliated Third Parties
Yes No
Yes No
  1. Does the institution refrain from disclosing any nonpublic personal information about a consumer to a nonaffiliated third party, other than as permitted under §§13-15, unless:
Yes No
    1. it has provided the consumer with an initial notice; [§10(a)(1)(i)]
Yes No
    1. it has provided the consumer with an opt out notice; [§10(a)(1)(ii)]
Yes No
    1. it has given the consumer a reasonable opportunity to opt out before the disclosure; [§10(a)(1)(iii)] and
Yes No
    1. the consumer has not opted out? [§10(a)(1)(iv)]

(Note: this disclosure limitation applies to consumers as well as to customers [10(b)(1)], and to all nonpublic personal information regardless of whether collected before or after receiving an opt out direction. [§10(b)(2)])


Yes No
  1. Does the institution provide the consumer with a reasonable opportunity to opt out such as by:
Yes No
    1. mailing the notices required by 10 and allowing the consumer to respond by toll-free telephone number, return mail, or other reasonable means (see question 22) within 30 days from the date mailed; [§10(a)(3)(i)]
Yes No
    1. where the consumer opens an on-line account with the institution and agrees to receive the notices required by §10 electronically, allowing the consumer to opt out by any reasonable means (see question 22) within 30 days from consumer acknowledgement of receipt of the notice in conjunction with opening the account; [§10(a)(3)(ii)] or
Yes No
    1. for isolated transactions, providing the notices required by §10 at the time of the transaction and requesting that the consumer decide, as a necessary part of the transaction, whether to opt out before the completion of the transaction? [§10(a)(3)(iii)]


Yes No
  1. Does the institution allow the consumer to select certain nonpublic personal information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out? [§10(c)]

(Note: an institution may allow partial opt outs in addition to, but may not allow them instead of, a comprehensive opt out.)


Limits on Redisclosure and Reuse of Information
Yes No
Yes No
  1. If the institution receives information from a nonaffiliated financial institution under an exception in §14 or §15, does the institution refrain from using or disclosing the information except:
Yes No
    1. to disclose the information to the affiliates of the financial institution from which it received the information; [§11(a)(1)(i)]
Yes No
    1. to disclose the information to its own affiliates, which are in turn limited by the same disclosure and use restrictions as the recipient institution; [§11(a)(1)(ii)] and
Yes No
    1. to disclose and use the information pursuant to an exception in §14 or §15 in the ordinary course of business to carry out the activity covered by the exception under which the information was received? [§11(a)(1)(iii)]

(Note: the disclosure or use described in section c of this question need not be directly related to the activity covered by the applicable exception. For instance, an institution receiving information for fraud-prevention purposes could provide the information to its auditors. But "in the ordinary course of business" does not include marketing. [§11(a)(2)])


Yes No
  1. If the institution receives information from a nonaffiliated financial institution other than under an exception in §14 or §15, does the institution refrain from disclosing the information except:
Yes No
    1. to the affiliates of the financial institution from which it received the information; [§11(b)(1)(i)]
Yes No
    1. to its own affiliates, which are in turn limited by the same disclosure restrictions as the recipient institution; [§11(b)(1)(ii)] and
Yes No
    1. to any other person, if the disclosure would be lawful if made directly to that person by the institution from which the recipient institution received the information? [§11(b)(1)(iii)]


Limits on Sharing Account Number Information for Marketing Purposes
Yes No
Yes No
  1. Does the institution refrain from disclosing, directly or through affiliates, account numbers or similar forms of access numbers or access codes for a consumer's credit card account, deposit account, or transaction account to any nonaffiliated third party (other than to a consumer reporting agency) for telemarketing, direct mail or electronic mail marketing to the consumer, except:
Yes No
    1. to the institution's agents or service providers solely to market the institution's own products or services, as long as the agent or service provider is not authorized to directly initiate charges to the account; [§12(b)(1)] or
Yes No
    1. to a participant in a private label credit card program or an affinity or similar program where the participants in the program are identified to the customer when the customer enters into the program? [§12(b)(2)]

(Note: an "account number or similar form of access number or access code" does not include numbers in encrypted form, so long as the institution does not provide the recipient with a means of decryption. [§12(c)(1)] A transaction account does not include an account to which third parties cannot initiate charges. [§12(c)(2)])



SUBPART C

Exception to Opt Out Requirements for Service Providers and Joint Marketing
Yes No
Yes No
  1. If the institution discloses nonpublic personal information to a nonaffiliated third party without permitting the consumer to opt out, do the opt out requirements of §7 and §10, and the revised notice requirements in §8, not apply because:
Yes No
    1. the institution disclosed the information to a nonaffiliated third party who performs services for or functions on behalf of the institution (including joint marketing of financial products and services offered pursuant to a joint agreement as defined in paragraph (b) of §13); [§13(a)(1)]
Yes No
    1. the institution has provided consumers with the initial notice; [§13(a)(1)(i)] and
Yes No
    1. the institution has entered into a contract with that party prohibiting the party from disclosing or using the information except to carry out the purposes for which the information was disclosed, including use under an exception in §14 or §15 in the ordinary course of business to carry out those purposes? [§13(a)(1)(ii)]


Exceptions to Notice and Opt Out Requirements for Processing and Servicing Transactions
Yes No
Yes No
  1. If the institution discloses nonpublic personal information to nonaffiliated third parties, do the requirements for initial notice in §4(a)(2), opt out in §§7 and 10, revised notice in §8, and for service providers and joint marketing in §13, not apply because the information is disclosed as necessary to effect, administer, or enforce a transaction that the consumer requests or authorizes, or in connection with:
Yes No
    1. servicing or processing a financial product or service requested or authorized by the consumer; [§14(a)(1)]
Yes No
    1. maintaining or servicing the consumer's account with the institution or with another entity as part of a private label credit card program or other credit extension on behalf of the entity; or [§14(a)(2)]
Yes No
    1. a proposed or actual securitization, secondary market sale (including sale of servicing rights) or other similar transaction related to a transaction of the consumer? [§14(a)(3)]


Yes No
  1. If the institution uses a Section 14 exception as necessary to effect, administer, or enforce a transaction, is it :
Yes No
    1. required, or is one of the lawful or appropriate methods to enforce the rights of the institution or other persons engaged in carrying out the transaction or providing the product or service; [§14(b)(1)] or
Yes No
    1. required, or is a usual, appropriate, or acceptable method to:[§14(b)(2)]
Yes No
      1. carry out the transaction or the product or service business of which the transaction is a part, including recording, servicing, or maintaining the consumer's account in the ordinary course of business; [§14(b)(2)(i)]
Yes No
      1. administer or service benefits or claims; [§14(b)(2)(ii)]
Yes No
      1. confirm or provide a statement or other record of the transaction or information on the status or value of the financial service or financial product to the consumer or the consumer's agent or broker; [§14(b)(2)(iii)]
Yes No
      1. accrue or recognize incentives or bonuses; [§14(b)(2)(iv)]
Yes No
      1. underwrite insurance or for reinsurance or for certain other purposes related to a consumer's insurance; [§14(b)(2)(v)] or
Yes No
      1. in connection with:
Yes No
        (1) the authorization, settlement, billing, processing, clearing, transferring, reconciling, or collection of amounts charged, debited, or otherwise paid by using a debit, credit, or other payment card, check, or account number, or by other payment means; [§14(b)(2)(vi)(A)]
Yes No
        (2) the transfer of receivables, accounts or interests therein; [§14(b)(2)(vi)(B)] or
Yes No
        (3) the audit of debit, credit, or other payment information? [§14(b)(2)(vi)(C)]


Other Exceptions to Notice and Opt Out Requirements
Yes No
Yes No
  1. If the institution discloses nonpublic personal information to nonaffiliated third parties, do the requirements for initial notice in §4(a)(2), opt out in §§7 and 10, revised notice in §8, and for service providers and joint marketers in §13, not apply because the institution makes the disclosure:
Yes No
    1. with the consent or at the direction of the consumer; [§15(a)(1)]
    1.  
Yes No
      1. to protect the confidentiality or security of records; [§15(a)(2)(i)]
Yes No
      1. to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; [§15(a)(2)(ii)]
Yes No
      1. iii. for required institutional risk control or for resolving consumer disputes or inquiries; [15(a)(2)(iii)]
Yes No
      1. to persons holding a legal or beneficial interest relating to the consumer; [§15(a)(2)(iv)] or
Yes No
      1. to persons acting in a fiduciary or representative capacity on behalf of the consumer; [§15(a)(2)(v)]
Yes No
    1. to insurance rate advisory organizations, guaranty funds or agencies, agencies rating the institution, persons assessing compliance, and the institution's attorneys, accountants, and auditors; [§15(a)(3)]
Yes No
    1. in compliance with the Right to Financial Privacy Act, or to law enforcement agencies; [§15(a)(4)]
Yes No
    1. to a consumer reporting agency in accordance with the FCRA or from a consumer report reported by a consumer reporting agency; [§15(a)(5)]
Yes No
    1. in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit, if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; [§15(a)(6)]
Yes No
    1. to comply with Federal, state, or local laws, rules, or legal requirements; [§15(a)(7)(i)]
Yes No
    1. to comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, state, or local authorities; [§15(a)(7)(ii)] or
Yes No
    1. to respond to judicial process or government regulatory authorities having jurisdiction over the institution for examination, compliance, or other purposes as authorized by law? [§15(a)(7)(iii)]

(Note: the regulation gives the following as an example of the exception described in section a of this question: "A consumer may specifically consent to [an institution's] disclosure to a nonaffiliated insurance company of the fact that the consumer has applied to [the institution] for a mortgage so that the insurance company can offer homeowner's insurance to the consumer.")

Back To FIL-46-2001 Modules 1 - 6

Last Updated 5/18/2001 communications@fdic.gov