FDIC right to privacy
You have a right to financial privacy
under the Gramm-Leach-Bliley Act of 1999. This federal law requires
your financial institutions to provide notices describing the type
of information they intend to share with third parties and how customers
may "opt out" or say "no" to information sharing
under certain circumstances. Financial institutions were required
to send notices to existing customers by July 1, 2001. Thereafter,
new customers also will get privacy notices, and all customers will
receive a notice annually. We previously invited readers to submit
questions about their financial privacy rights. Here are some of the
questions we received, and our answers.
Can I contact my bank and credit
card companies to request that they not share my information or
do I need to fill out a form?
Financial Institutions
Financial institutions that intend to
share non-public personal information about consumers with other companies
must give those individuals a chance to opt out, with certain exceptions
(such as for information needed to process loans, mail account statements
or conduct other normal business). But when it comes to how customers
can opt out, the rules leave that up to each financial institution,
provided the procedures are reasonable.
Institutions must describe their opt-out
procedures in their privacy notices. For example, your institution
may require you to complete and return a form, or it may require you
to call a certain phone number. To ensure that your request is honored,
it's important to follow the institution's opt-out instructions. If
you don't have a copy of your institution's requirements, call the
customer service department and ask how to opt out.
Some of the institutions don't say anything
about contacting them to opt out, yet according to the notices, these
institutions are sharing plenty of information. When can an institution
share information without giving a customer a chance to opt out?
Under the Gramm-Leach-Bliley Act, you
cannot stop an institution from providing personal information to
outside companies and organizations if, for example, the information
is used to:
Market the institution's own products or services;
Market
certain products or services jointly with another financial institution.
Enable
a third party to help conduct normal business for your institution,
such as handling data processing for accounts or mailing account statements.
In addition, the federal Fair Credit
Reporting Act (FCRA)
allows an institution to share with affiliates (other parts of the
same corporate family) certain information based on your transactions
with the institution. This kind of information sharing also can be
done without giving you an opportunity to say no.
Example: Your bank can tell an affiliated
brokerage firm that you have a certificate of deposit about to mature,
so it can offer you an investment alternative. Your bank, however,
cannot provide an affiliate with personal information from, say, your
credit report or loan application unless you're given a chance to
opt out first (because that information is not based solely on transactions
you've conducted with the bank).
If I send the proper notice that I wish
to opt out, do I have to redo this form each year or will my initial
notice remain in effect?
You do not need to renew your opt-out
instructions with a bank or other financial institution. One request
will remain in effect indefinitely unless you contact the institution
asking to cancel it. But let's say your institution later decides
to expand how much customer information it intends to provide to other
companies. If it's the kind of information the law says you have a
right to prevent from being shared, "your institution must provide
you with a revised privacy notice and give you an opportunity to opt
out of the new information sharing," says David Lafleur, Policy
Analyst for the FDIC's Division of Supervision and Consumer Protection.
"This is another example why we say you should pay attention
to every privacy notice you get from your financial institutions."
We've also been asked what happens to
a consumer's opt-out request if your bank merges with another institution
and the "new" bank has a privacy policy that is less protective
of your personal information. Here, the merged institution must give
you the right to opt out before it could apply that less-protective
policy to your personal information.
If I opt out of information sharing
because I don't want unsolicited offers, does this prevent my bank
from reporting my creditworthiness to credit bureaus and, therefore,
to other institutions I may be applying to for credit?
No, even if you opt out, your bank or
other financial services firms still can, and will, report private
information to credit bureaus. Why? Because the privacy law specifically
permits institutions to provide nonpublic personal information to
credit bureaus.
Credit bureaus are companies that collect
facts about a person's financial responsibility, such as the timeliness
of loan payments. Banks rely on reports from credit bureaus when deciding,
for example, to grant a loan or a credit card to a particular consumer,
and those reports can only be prepared if financial institutions maintain
a regular, free flow of information to credit bureaus.
Friends and relatives have forwarded
to me the same anonymous e-mail message warning that, as of July 1,
credit bureaus can share my credit information, mailing address, telephone
number and other information "to anyone who requests it"
unless I opt out. Is this true?
No, that's a false rumor widely circulated
on the Internet. It's apparently based on someone's misinterpretation
of the July 1 date in the Gramm-Leach-Bliley Act for banks and other
financial institutions to send out privacy mailings to customers.
Here's what you should know: Credit bureaus can't release the information
in your credit report to just anyone who asks for it. Under the Fair
Credit Reporting Act, a credit bureau can only provide this information
to people and businesses with a legitimate right to obtain it, as
specified in the law. For example, a company has a right to get your
credit report if you apply for a credit card, a home equity loan or
an insurance product.
However, there are opt-out provisions
in the FCRA. One, for example, gives you the right to prohibit credit
bureaus from providing information to companies that want to send
you unsolicited offers of credit or insurance. The easiest way to
remove your name from these special marketing lists sold by credit
bureaus is to make one toll-free phone call to 888-5-OPTOUT (888-567-8688),
a service operated on behalf of the nation's largest credit bureaus.
A phone request to the credit bureaus is only good for two years.
Thereafter, you would have to call again to renew for another two
years. To opt out indefinitely, you must submit a written request
using a special form that you can order from the toll-free number.
The central phone service for credit
bureau opt-outs is an automated system that will ask you to leave
personal information, including your Social Security number. While
this automated service promises confidentiality, if you are reluctant
to leave your Social Security number, then you should write a letter
(not an e-mail) to any one of the credit bureaus listed below and
ask it to share your opt-out request with the other companies. Be
sure to include your full name, address, Social Security number and
signature. Also specify if you want to opt out for two years or indefinitely,
in which case you will receive the form to complete. Write to:
Equifax Inc., Options, P.O. Box 740123,
Atlanta, GA 30374-0123;
Experian, Opt-Out, P. O. Box 919, Allen, TX 75013-0919;
Innovis, Consumer Opt Out, P. O. Box 219297, Houston, TX 77218-9297;
or
TransUnion, Name Removal Option, P.O. Box 97328, Jackson, MS 39288-7328.
FDIC Home Page
