This Manual summarizes the principal laws and regulations governing the privacy of consumer financial information from the perspective of a financial institution.
Part One presents an introduction to the topic and explains how the Manual is organized.
Part Two includes a detailed discussion of the privacy rules under the Gramm-Leach-Bliley Act (GLBA) and CFPB Regulation P, including the required contents and timing of the GLBA initial and annual privacy notices, the exceptions that permit information sharing, the restrictions on sharing nonpublic personal information with nonaffiliated third parties, the requirements regarding consumers’ right to opt out under GLBA, and a financial institution’s liability for GLBA violations.
Part Three explains the privacy and information sharing aspects of the federal Fair Credit Reporting Act, including the FCRA opt outs (sharing opt-out and marketing opt-out) that some institutions must provide, the restrictions regarding the use and sharing of medical information, and the rules that apply to sharing consumer information with affiliates for marketing purposes.
Part Four of this Manual provides a brief overview of the relevant state and federal laws – specifically the California Right to Financial Privacy Act and the federal Right to Financial Privacy Act – that govern the disclosure of financial records to governmental agencies. For a complete discussion of the laws governing disclosures made by financial institutions as a result of requests by state or federal government authorities or private parties involved in litigation, refer to Part Two of BCG Standard Procedures Manual #4, Legal Processes.
Part Four also discusses the California constitutional right to privacy and several California privacy laws, such as the California Financial Information Privacy Act (aka SB1) (CFIPA). Part Four explains the CFIPA’s requirements, including what information may be shared with nonaffiliated third parties, what information may be shared with affiliates, and the interaction between the various GLBA, FCRA, and CFIPA opt-in and opt-out rights. Part Four also examines the requirements of the Online Privacy Protection Act of 2003, and the Making Online Banking Initiation Legal and Easy (MOBILE) Act, which permits financial institutions to record personal information from a scanned image of a driver’s license or state identification card.
Part Five provides a comprehensive discussion of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), which gives consumers, among other things, the right to know and correct the information a business collects about them, the right to require a business to delete their information, and the right to opt out of a business sharing their information. This part also discusses the establishment of the new California Privacy Protection Agency (CPPA).
Part Six of this Manual addresses the important topic of Information Security. This part includes a discussion of the interagency guidance regarding information security standards, the FFIEC’s Cybersecurity Assessment Tool (CAT), the components of an incident response program, the federal and California breach notification requirements, and many other related topics.
The main text of the Manual is 336 pages, plus 39 pages of appendixes.
Compliance Companion
Compliance Companion® is a one-stop regulatory compliance resource for financial institutions. This online compilation of 19 industry-leading compliance manuals, including this SPM #20, Financial Privacy & Information Security, takes the legalese out of federal and California laws and regulations, making it easier to understand and keep up with ongoing compliance developments.
Published by Aldrich & Bonnefin, PLC, Compliance Companion® has many useful features, including search capabilities, links to internal cross-references and web-based sources, as well as samples of dozens of forms, disclosures and notices.
This compliance resource can also be accessed from your mobile device, making it faster and easier to get the latest information on federal and California laws and regulations governing financial institutions.
For information regarding online subscriptions to Compliance Companion®, contact info@bankerscompliancegroup.com or call 949-553-0909.