§6803 — Title 15 Commerce and Trade | U.S. Code

Summary

Require banks and similar companies to give customers a clear privacy notice when they open an account and at least once a year. The notice can be paper or electronic. It must say how the company shares nonpublic personal information with affiliates and with other companies (including the kinds of information and the kinds of people it may share with), how it treats information about former customers, and how it keeps consumers’ information safe. The notice must follow rules made under section 6804. It must also list the types of nonpublic personal information collected, explain the company’s security and confidentiality practices under section 6801, and include any disclosures required under section 1681a(d)(2)(A)(iii). Federal agencies must make a model form that companies may use. The model form must be easy to read, short, clearly show sharing practices so consumers can compare companies, and be issued for public comment not later than 180 days after October 13, 2006. Using the model form counts as following the law. Certified public accountants licensed by a State who are barred by State rules from sharing without a customer’s consent are not covered here, but any financial institution affiliated with such an accountant still must follow these rules. “State” includes all U.S. States and territories listed in the law.

Title 15, §6803

Commerce and Trade — Source: USLM XML via OLRC

(a)At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, of such financial institution’s policies and practices with respect to—

(1)disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 6802 of this title, including the categories of information that may be disclosed;

(2)disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution; and

(3)protecting the nonpublic personal information of consumers.

(b)Disclosures required by subsection (a) shall be made in accordance with the regulations prescribed under section 6804 of this title.

(c)The disclosure required by subsection (a) shall include—

(1)the policies and practices of the institution with respect to disclosing nonpublic personal information to nonaffiliated third parties, other than agents of the institution, consistent with section 6802 of this title, and including—

(A)the categories of persons to whom the information is or may be disclosed, other than the persons to whom the information may be provided pursuant to section 6802(e) of this title; and

(B)the policies and practices of the institution with respect to disclosing of nonpublic personal information of persons who have ceased to be customers of the financial institution;

(2)the categories of nonpublic personal information that are collected by the financial institution;

(3)the policies that the institution maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 6801 of this title; and

(4)the disclosures required, if any, under section 1681a(d)(2)(A)(iii) of this title.

(d)(1)The disclosure requirements of subsection (a) do not apply to any person, to the extent that the person is—

(A)a certified public accountant;

(B)certified or licensed for such purpose by a State; and

(C)subject to any provision of law, rule, or regulation issued by a legislative or regulatory body of the State, including rules of professional conduct or ethics, that prohibits disclosure of nonpublic personal information without the knowing and expressed consent of the consumer.

(2)Nothing in this subsection shall be construed to exempt or otherwise exclude any financial institution that is affiliated or becomes affiliated with a certified public accountant described in paragraph (1) from any provision of this section.

(3)For purposes of this subsection, the term “State” means any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Trust Territory of the Pacific Islands, the Virgin Islands, or the Northern Mariana Islands.

(e)(1)The agencies referred to in section 6804(a)(1) of this title shall jointly develop a model form which may be used, at the option of the financial institution, for the provision of disclosures under this section.

(2)A model form developed under paragraph (1) shall—

(A)be comprehensible to consumers, with a clear format and design;

(B)provide for clear and conspicuous disclosures;

(C)enable consumers easily to identify the sharing practices of a financial institution and to compare privacy practices among financial institutions; and

(D)be succinct, and use an easily readable type font.

(3)A model form required to be developed by this subsection shall be issued in proposed form for public comment not later than 180 days after October 13, 2006.

(4)Any financial institution that elects to provide the model form developed by the agencies under this subsection shall be deemed to be in compliance with the disclosures required under this section.

(f)A financial institution that—

(1)provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 6802 of this title or regulations prescribed under section 6804(b) of this title, and

(2)has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section,

Notes & Related Subsidiaries

Editorial Notes

Amendments

2015—Subsec. (f). Pub. L. 114–94 added subsec. (f). 2006—Pub. L. 109–351 designated concluding provisions of subsec. (a) as (b), inserted heading, substituted “Disclosures required by subsection (a)” for “Such disclosures”, redesignated former subsec. (b) as (c), and added subsecs. (d) and (e).

Executive Documents

Termination of Trust Territory of the Pacific Islands For termination of Trust Territory of the Pacific Islands, see note set out preceding section 1681 of Title 48, Territories and Insular Possessions.

§6803 Disclosure of Institution Privacy Policy