Skip Header
U.S. flag

An official website of the United States government

Financial Privacy... Our Answers to Your Questions

In the Winter edition of FDIC Consumer News, we described your rights to financial privacy under the Gramm-Leach-Bliley Act of 1999. This federal law requires your financial institutions to provide notices describing the type of information they intend to share with third parties and how customers may "opt out" or say "no" to information sharing under certain circumstances. Financial institutions were required to send notices to existing customers by July 1, 2001. Thereafter, new customers also will get privacy notices, and all customers will receive a notice annually. We previously invited readers to submit questions about their financial privacy rights. Here are some of the questions we received, and our answers.

Can I contact my bank and credit card companies to request that they not share my information or do I need to fill out a form?

Financial institutions that intend to share non-public personal information about consumers with other companies must give those individuals a chance to opt out, with certain exceptions (such as for information needed to process loans, mail account statements or conduct other normal business). But when it comes to how customers can opt out, the rules leave that up to each financial institution, provided the procedures are reasonable.

Institutions must describe their opt-out procedures in their privacy notices. For example, your institution may require you to complete and return a form, or it may require you to call a certain phone number. To ensure that your request is honored, it's important to follow the institution's opt-out instructions. If you don't have a copy of your institution's requirements, call the customer service department and ask how to opt out.

Some of the institutions don't say anything about contacting them to opt out, yet according to the notices, these institutions are sharing plenty of information. When can an institution share information without giving a customer a chance to opt out?

Under the Gramm-Leach-Bliley Act, you cannot stop an institution from providing personal information to outside companies and organizations if, for example, the information is used to:

In addition, the federal Fair Credit Reporting Act (FCRA) allows an institution to share with affiliates (other parts of the same corporate family) certain information based on your transactions with the institution. This kind of information sharing also can be done without giving you an opportunity to say no.

Example: Your bank can tell an affiliated brokerage firm that you have a certificate of deposit about to mature, so it can offer you an investment alternative. Your bank, however, cannot provide an affiliate with personal information from, say, your credit report or loan application unless you're given a chance to opt out first (because that information is not based solely on transactions you've conducted with the bank).

If I send the proper notice that I wish to opt out, do I have to redo this form each year or will my initial notice remain in effect?

You do not need to renew your opt-out instructions with a bank or other financial institution. One request will remain in effect indefinitely unless you contact the institution asking to cancel it. But let's say your institution later decides to expand how much customer information it intends to provide to other companies. If it's the kind of information the law says you have a right to prevent from being shared, "your institution must provide you with a revised privacy notice and give you an opportunity to opt out of the new information sharing," says David Lafleur, Policy Analyst for the FDIC's Division of Supervision and Consumer Protection. "This is another example why we say you should pay attention to every privacy notice you get from your financial institutions."

We've also been asked what happens to a consumer's opt-out request if your bank merges with another institution and the "new" bank has a privacy policy that is less protective of your personal information. Here, the merged institution must give you the right to opt out before it could apply that less-protective policy to your personal information.

If I opt out of information sharing because I don't want unsolicited offers, does this prevent my bank from reporting my creditworthiness to credit bureaus and, therefore, to other institutions I may be applying to for credit?

No, even if you opt out, your bank or other financial services firms still can, and will, report private information to credit bureaus. Why? Because the privacy law specifically permits institutions to provide nonpublic personal information to credit bureaus.

Credit bureaus are companies that collect facts about a person's financial responsibility, such as the timeliness of loan payments. Banks rely on reports from credit bureaus when deciding, for example, to grant a loan or a credit card to a particular consumer, and those reports can only be prepared if financial institutions maintain a regular, free flow of information to credit bureaus.

Friends and relatives have forwarded to me the same anonymous e-mail message warning that, as of July 1, credit bureaus can share my credit information, mailing address, telephone number and other information "to anyone who requests it" unless I opt out. Is this true?

No, that's a false rumor widely circulated on the Internet. It's apparently based on someone's misinterpretation of the July 1 date in the Gramm-Leach-Bliley Act for banks and other financial institutions to send out privacy mailings to customers. Here's what you should know: Credit bureaus can't release the information in your credit report to just anyone who asks for it. Under the Fair Credit Reporting Act, a credit bureau can only provide this information to people and businesses with a legitimate right to obtain it, as specified in the law. For example, a company has a right to get your credit report if you apply for a credit card, a home equity loan or an insurance product.

However, there are opt-out provisions in the FCRA. One, for example, gives you the right to prohibit credit bureaus from providing information to companies that want to send you unsolicited offers of credit or insurance. The easiest way to remove your name from these special marketing lists sold by credit bureaus is to make one toll-free phone call to 888-5-OPTOUT (888-567-8688), a service operated on behalf of the nation's largest credit bureaus. A phone request to the credit bureaus is only good for two years. Thereafter, you would have to call again to renew for another two years. To opt out indefinitely, you must submit a written request using a special form that you can order from the toll-free number.

The central phone service for credit bureau opt-outs is an automated system that will ask you to leave personal information, including your Social Security number. While this automated service promises confidentiality, if you are reluctant to leave your Social Security number, then you should write a letter (not an e-mail) to any one of the credit bureaus listed below and ask it to share your opt-out request with the other companies. Be sure to include your full name, address, Social Security number and signature. Also specify if you want to opt out for two years or indefinitely, in which case you will receive the form to complete. Write to:

Reprinted from FDIC Consumer News.