FINANCIAL PRIVACY. . . ANSWERS TO YOUR QUESTIONS
A Message to Readers from FDIC Consumer News
In FDIC Consumer News, we describe your rights to financial
privacy under the Gramm-Leach-Bliley Act of 1999. This federal law requires
your financial institutions to provide notices describing the type of
information they intend to share with third parties and how customers may
"opt out" or say "no" to information sharing under certain circumstances.
Financial institutions were required to send notices to existing customers
by July 1, 2001. Thereafter, new customers also will get privacy notices,
and all customers will receive a notice annually. We previously invited
readers to submit questions about their financial privacy rights. Here are
some of the questions we received, and our answers.
Can I contact my bank and credit card companies to request that they not
share my information or do I need to fill out a form?
Financial institutions that intend to share non-public personal information
about consumers with other companies must give those individuals a chance to
opt out, with certain exceptions (such as for information needed to process
loans, mail account statements or conduct other normal business). But when
it comes to how customers can opt out, the rules leave that up to
each financial institution, provided the procedures are reasonable.
Institutions must describe their opt-out procedures in their privacy
notices. For example, your institution may require you to complete and
return a form, or it may require you to call a certain phone number. To
ensure that your request is honored, it's important to follow the
institution's opt-out instructions. If you don't have a copy of your
institution's requirements, call the customer service department and ask how
to opt out.
Some of the institutions don't say anything about contacting them to opt
out, yet according to the notices, these institutions are sharing plenty of
information. When can an institution share information without giving a
customer a chance to opt out?
Under the Gramm-Leach-Bliley Act, you cannot stop an institution from
providing personal information to outside companies and organizations
if, for example, the information is used to:
institution's own products or services;
products or services jointly with another financial institution.
Enable a third
party to help conduct normal business for your institution, such as handling
data processing for accounts or mailing account statements.
In addition, the federal Fair Credit Reporting Act (FCRA) allows an
institution to share with affiliates (other parts of the same
corporate family) certain information based on your transactions with the
institution. This kind of information sharing also can be done without
giving you an opportunity to say no.
Example: Your bank can tell an affiliated brokerage firm that you have a
certificate of deposit about to mature, so it can offer you an investment
alternative. Your bank, however, cannot provide an affiliate with personal
information from, say, your credit report or loan application unless you're
given a chance to opt out first (because that information is not
based solely on transactions you've conducted with the bank).
If I send the proper notice that I wish to opt out, do I have to redo
this form each year or will my initial notice remain in effect?
You do not need to renew your opt-out instructions with a bank or other
financial institution. One request will remain in effect indefinitely unless
you contact the institution asking to cancel it. But let's say your
institution later decides to expand how much customer information it intends
to provide to other companies. If it's the kind of information the law says
you have a right to prevent from being shared, "your institution must
provide you with a revised privacy notice and give you an opportunity to opt
out of the new information sharing," says David Lafleur, Policy Analyst for
the FDIC's Division of Supervision and Consumer Protection. "This is another
example why we say you should pay attention to every privacy notice you get
from your financial institutions."
We've also been asked what happens to a consumer's opt-out request if your
that is less protective of your personal information. Here, the
merged institution must give you the right to opt out before it could apply
that less-protective policy to your personal information.
If I opt out of information sharing because I don't want unsolicited
offers, does this prevent my bank from reporting my creditworthiness to
credit bureaus and, therefore, to other institutions I may be applying to
No, even if you opt out, your bank or other financial services firms still
can, and will, report private information to credit bureaus. Why? Because
the privacy law specifically permits institutions to provide nonpublic
personal information to credit bureaus.
Credit bureaus are companies that collect facts about a person's financial
responsibility, such as the timeliness of loan payments. Banks rely on
reports from credit bureaus when deciding, for example, to grant a loan or a
credit card to a particular consumer, and those reports can only be prepared
if financial institutions maintain a regular, free flow of information to
Friends and relatives have forwarded to me the same anonymous e-mail
message warning that, as of July 1, credit bureaus can share my credit
information, mailing address, telephone number and other information "to
anyone who requests it" unless I opt out. Is this true?
No, that's a false rumor widely circulated on the Internet. It's apparently
based on someone's misinterpretation of the July 1 date in the Gramm-Leach-Bliley
Act for banks and other financial institutions to send out privacy mailings
to customers. Here's what you should know: Credit bureaus can't release the
information in your credit report to just anyone who asks for it. Under the
Fair Credit Reporting Act, a credit bureau can only provide this information
to people and businesses with a legitimate right to obtain it, as specified
in the law. For example, a company has a right to get your credit report if
you apply for a credit card, a home equity loan or an insurance product.
However, there are opt-out provisions in the FCRA. One, for example,
gives you the right to prohibit credit bureaus from providing information to
companies that want to send you unsolicited offers of credit or insurance.
The easiest way to remove your name from these special marketing lists sold
by credit bureaus is to make one toll-free phone call to 888-5-OPTOUT
(888-567-8688), a service operated on behalf of the nation's largest credit
bureaus. A phone request to the credit bureaus is only good for two years.
Thereafter, you would have to call again to renew for another two years. To
opt out indefinitely, you must submit a written request using a special form
that you can order from the toll-free number.
The central phone service for credit bureau opt-outs is an automated system
that will ask you to leave personal information, including your Social
Security number. While this automated service promises confidentiality, if
you are reluctant to leave your Social Security number, then you should
write a letter (not an e-mail) to any one of the credit bureaus listed below
and ask it to share your opt-out request with the other companies. Be sure
to include your full name, address, Social Security number and signature.
Also specify if you want to opt out for two years or indefinitely, in which
case you will receive the form to complete. Write to:
Options, P.O. Box 740123, Atlanta, GA 30374-0123;
Opt-Out, P. O. Box 919, Allen, TX 75013-0919;
Consumer Opt Out, P.O. Box 1358, Columbus, OH 43216; or
Name Removal Option, P.O. Box 505, Woodlyn, PA 19094.