Good e-Housekeeping


Sharing Information With Affiliates and Third Parties
F. Jay Meyer
Vice President & Senior Counsel
TD Bank, N.A.
Portland, Maine
Why Share Information?
▪ To Conduct Customer Transactions
• With Service Providers or Third Parties
▪ To Conduct Your Own Business
• With Attorneys, Auditors or Credit Agencies
▪ To Market Products and Services
• With Affiliates, Marketing Service Providers, Joint Marketing Partners or Third Parties
▪ To Satisfy a Legal Requirement
• With Regulators, Law Enforcement or Litigants
Do Customers Have a Choice?
▪ Gramm-Leach-Bliley and Regulation P
• Routine or Required Sharing With No Opt Out
• Affiliate Sharing With No Opt Out
• Some Nonaffiliate Sharing Requires Opt Out
▪ Fair Credit Reporting Act
• Some Affiliate Sharing Requires Opt Out
• Some Affiliate Use of Shared Information to Market Requires Opt Out
▪ Notice of Privacy Policies
▪ Opt Out: Chance to Opt Out After Notice
GLBA/Regulation P: Definitions
▪ Financial Institution
▪ Consumer
▪ Customer
▪ Nonpublic Personal Information
▪ Affiliate
▪ Nonaffiliated Third Party
Sources: 15 U.S.C. § 6809, 12 CFR 216.3
Processing and Servicing Transactions: 12 CFR 216.14
No Opt Out Required for:
▪ Processing Requested Transactions
▪ Servicing Accounts or Loans
▪ Insurance Underwriting and Administration
▪ Enforcing Transactions
▪ Auditing Transactions
▪ Secondary Market Sales or Securitization
▪ Transfer of Receivables or Accounts
Other Uses With No Opt Out: 12 CFR 216.15
No Opt Out Required for Sharing That Is:
▪ With Consumer Consent
▪ To Prevent Fraud
▪ To Resolve Disputes
▪ To Authorized Consumer Representatives
▪ To Attorneys or Accountants
▪ To Consumer Reporting Agencies
▪ Compulsory (e.g., Subpoena, Regulator)
▪ For a Merger or Acquisition
Service Providers and Joint Marketing: 12 CFR 216.13
No Opt Out Required for Sharing With:
▪ Nonaffiliates Performing Services for the Financial Institution
▪ Financial Institution’s Marketing Providers
▪ Financial Institutions Jointly Marketing Financial Products or Services by Contract
Account Number Sharing for Marketing Is Restricted by 12 CFR 216.12
Oversight of Service Providers
▪ Security Program Must Include Oversight of Service Providers: Due Diligence, Contractual Safeguards and Monitoring
▪ Service Provider Contracts Under 12 CFR 216.13 Must Prohibit Use or Disclosure of Information for Other Purposes
Sources: Interagency Guidelines Establishing Information Security Standards, 12 CFR pts. 30 app. B(III)(D), 208 app. D-2(III)(D); 12 CFR 216.13(a)(ii)
Nonaffiliate Sharing Requires Opt Out Unless Excepted
Except as authorized by Regulation P, a Financial Institution may not disclose Nonpublic Personal Information to a nonaffiliate without notice and a reasonable opportunity to opt out.
Examples:
• Marketing of Non-Financial Products
• Marketing of Financial Products Unless Jointly Offered, Endorsed or Sponsored
GLBA Privacy Notices
▪ Notices Must Describe Collection, Use and Sharing of Nonpublic Personal Information
▪ Customers Must Receive Initial, Annual and Revised Privacy Notices
▪ Consumers Must Receive Notice Before Non-Routine, Non-Compulsory Disclosure
▪ Simplified Notices Permitted for Consumers, or if Disclosure is Limited to Routine or Compulsory Exceptions
GLBA Opt Out Notices
If Required, Opt Out Notices Must State:
▪ That Nonpublic Personal Information May Be Disclosed to a Nonaffiliate
▪ The Consumer has a Right to Opt Out
▪ A Reasonable Means to Opt Out
Reasonable Means May Include a Reply Form, a Toll-Free Telephone Number, or Electronic Means (If the Consumer Agrees)
Honoring GLBA Opt Outs
▪ Opt Out May Be Exercised at Any Time
▪ Opt Out May Be Partial
▪ No Further Disclosure Subject to Opt Out
▪ Financial Institution Must Comply With Opt Out As Soon As Reasonably Practicable
▪ Opt Out Is Effective Until Revoked
▪ Opt Out Continues for Customer Relationship After Relationship Terminates
FCRA Sharing and Marketing
▪ Regulates Sharing and Use of Consumer Credit Information (“Consumer Reports”)
▪ Some “Transaction or Experience” Sharing With Affiliates or Nonaffiliates Is Excepted
▪ Affiliates May Share “Other Information” With Notice and Opportunity to Opt Out
▪ FACTA Requires Opt Out for Marketing Use of Information Shared By Affiliates
Sources: 15 U.S.C. §§ 603(d)(1)-(2)(A), 624(a)
FCRA Affiliate Sharing Opt Out
▪ Affiliates May Share Consumer Report Information Beyond Transactions or Experiences Only With Notice and Opt Out
▪ Transactions or Experiences Include Balances, Histories, Some Opinions
▪ Sharing Opt Out Is Distinct From, and Predates, Marketing Use Opt Out
▪ No Specific Regulation, but May Be Combined With Marketing Use Opt Out
FCRA Marketing Use Opt Out
▪ Required for Affiliates to Use Shared “Eligibility Information” for Marketing
▪ Must Provide Reasonable Opportunity and Means to Opt Out (e.g., Mail, Telephone, or Electronic if Agreed, as with GLBA)
▪ Not Required Annually; Can Be Combined
▪ Effective for at Least 5 Years, Can Permit Longer or Indefinitely Until Revoked
▪ After Expiration, Renewal Notice Required
FCRA Opt Out Exceptions
▪ Marketing to Preexisting Customers
▪ Marketing on Behalf of an Affiliate If That Affiliate Could Conduct the Marketing
▪ Responding to Requests or Inquiries
▪ Marketing With Information Shared Prior to October 1, 2008 (the Compliance Date)
ANY QUESTIONS?