PRIA Logo
Take the PRIA Score
Title 15Commerce and TradeRelease 119-73

§6803 Disclosure of institution privacy policy

Title 15 › Chapter CHAPTER 94— - PRIVACY › Subchapter SUBCHAPTER I— - DISCLOSURE OF NONPUBLIC PERSONAL INFORMATION › § 6803

Last updated Apr 6, 2026|Official source

Summary

Financial institutions must give every new customer, and at least once a year while the relationship continues, a clear written or electronic notice about their privacy practices. The notice must explain how the institution shares customers’ private personal information with affiliates and with other companies, whether it shares information about former customers, what kinds of personal data it collects, and how it keeps that information safe. It must also include details about sharing with nonaffiliated third parties (who may get data) and any specific disclosure required under section 1681a(d)(2)(A)(iii). Notices must follow rules set under section 6804. The agencies in section 6804(a)(1) must create a short, easy-to-read model form and publish it for public comment not later than 180 days after October 13, 2006; using that form means a firm is complying. Certified public accountants who are state-licensed and bound by state rules that bar disclosure without a consumer’s consent are not covered by the notice requirement, but financial institutions affiliated with such CPAs are still covered. “State” means any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Trust Territory of the Pacific Islands, the Virgin Islands, or the Northern Mariana Islands.

Full Legal Text

Title 15, §6803

Commerce and Trade — Source: USLM XML via OLRC

(a)At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, of such financial institution’s policies and practices with respect to—
(1)disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 6802 of this title, including the categories of information that may be disclosed;
(2)disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution; and
(3)protecting the nonpublic personal information of consumers.
(b)Disclosures required by subsection (a) shall be made in accordance with the regulations prescribed under section 6804 of this title.
(c)The disclosure required by subsection (a) shall include—
(1)the policies and practices of the institution with respect to disclosing nonpublic personal information to nonaffiliated third parties, other than agents of the institution, consistent with section 6802 of this title, and including—
(A)the categories of persons to whom the information is or may be disclosed, other than the persons to whom the information may be provided pursuant to section 6802(e) of this title; and
(B)the policies and practices of the institution with respect to disclosing of nonpublic personal information of persons who have ceased to be customers of the financial institution;
(2)the categories of nonpublic personal information that are collected by the financial institution;
(3)the policies that the institution maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 6801 of this title; and
(4)the disclosures required, if any, under section 1681a(d)(2)(A)(iii) of this title.
(d)(1)The disclosure requirements of subsection (a) do not apply to any person, to the extent that the person is—
(A)a certified public accountant;
(B)certified or licensed for such purpose by a State; and
(C)subject to any provision of law, rule, or regulation issued by a legislative or regulatory body of the State, including rules of professional conduct or ethics, that prohibits disclosure of nonpublic personal information without the knowing and expressed consent of the consumer.
(2)Nothing in this subsection shall be construed to exempt or otherwise exclude any financial institution that is affiliated or becomes affiliated with a certified public accountant described in paragraph (1) from any provision of this section.
(3)For purposes of this subsection, the term “State” means any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Trust Territory of the Pacific Islands, the Virgin Islands, or the Northern Mariana Islands.
(e)(1)The agencies referred to in section 6804(a)(1) of this title shall jointly develop a model form which may be used, at the option of the financial institution, for the provision of disclosures under this section.
(2)A model form developed under paragraph (1) shall—
(A)be comprehensible to consumers, with a clear format and design;
(B)provide for clear and conspicuous disclosures;
(C)enable consumers easily to identify the sharing practices of a financial institution and to compare privacy practices among financial institutions; and
(D)be succinct, and use an easily readable type font.
(3)A model form required to be developed by this subsection shall be issued in proposed form for public comment not later than 180 days after October 13, 2006.
(4)Any financial institution that elects to provide the model form developed by the agencies under this subsection shall be deemed to be in compliance with the disclosures required under this section.
(f)A financial institution that—
(1)provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 6802 of this title or regulations prescribed under section 6804(b) of this title, and
(2)has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section,

Legislative History

Notes & Related Subsidiaries

Editorial Notes

Amendments

2015—Subsec. (f). Pub. L. 114–94 added subsec. (f). 2006—Pub. L. 109–351 designated concluding provisions of subsec. (a) as (b), inserted heading, substituted “Disclosures required by subsection (a)” for “Such disclosures”, redesignated former subsec. (b) as (c), and added subsecs. (d) and (e).

Executive Documents

Termination of Trust Territory of the Pacific Islands For termination of Trust Territory of the Pacific Islands, see note set out preceding section 1681 of Title 48, Territories and Insular Possessions.

Reference

Citations & Metadata

Citation

15 U.S.C. § 6803

Title 15Commerce and Trade

Last Updated

Apr 6, 2026

Release point: 119-73