Bankers Compliance Group | The Banking Community's Foremost Resource For Legal Services | BCG

Compliance Companion®
Standard Procedures Manuals (SPM)

Financial Privacy & Information Security July 2023

This Manual summarizes the principal laws and regulations governing the privacy of consumer financial information from the perspective of a financial institution.

Part One presents an introduction to the topic and explains how the Manual is organized.

Part Two includes a detailed discussion of the privacy rules under the Gramm-Leach-Bliley Act (GLBA) and CFPB Regulation P, including the required contents and timing of the GLBA initial and annual privacy notices, the exceptions that permit information sharing, the restrictions on sharing nonpublic personal information with nonaffiliated third parties, the requirements regarding consumers’ right to opt out under GLBA, and a financial institution’s liability for GLBA violations.

Part Three explains the privacy and information sharing aspects of the federal Fair Credit Reporting Act, including the FCRA opt outs (sharing opt-out and marketing opt-out) that some institutions must provide, the restrictions regarding the use and sharing of medical information and the rules that apply to sharing consumer information with affiliates for marketing purposes.

Part Four of this Manual provides a brief overview of the relevant state and federal laws – specifically the California Right to Financial Privacy Act and the federal Right to Financial Privacy Act – that govern the disclosure of financial records to governmental agencies. For a complete discussion of the laws governing disclosures made by financial institutions as a result of requests by state or federal government authorities or private parties involved in litigation, refer to Part Two of BCG Standard Procedures Manual #4, Legal Processes.

Part Four also discusses the California constitutional right to privacy and several California privacy laws, such as the California Financial Information Privacy Act (aka SB1) (CFIPA). Part Four explains the CFIPA’s requirements, including what information may be shared with nonaffiliated third parties, what information may be shared with affiliates, and the interaction between the various GLBA, FCRA, and CFIPA opt-in and opt-out rights. Part Four also examines the requirements of the Online Privacy Protection Act of 2003, and the Making Online Banking Initiation Legal and Easy (MOBILE) Act, which permits financial institutions to record personal information from a scanned image of a driver’s license or state identification card.

Part Five provides a comprehensive discussion of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), which gives consumers, among other things, the right to know and correct the information a business collects about them, the right to require a business to delete their information, and the right to opt out of a business sharing their information. This part also discusses the establishment of the new California Privacy Protection Agency (CPPA).

Part Six of this Manual addresses the important topic of Information Security. This part includes a discussion of the interagency guidance regarding information security standards, the FFIEC’s Cybersecurity Assessment Tool (CAT), the components of an incident response program, the federal and California breach notification requirements, and many other related topics.

The main text of the Manual is 336 pages, plus 39 pages of appendixes.


Compliance Companion

Compliance Companion® is a one-stop regulatory compliance resource for financial institutions. This online compilation of 19 industry-leading compliance manuals, including this SPM #20, Financial Privacy & Information Security, takes the legalese out of federal and California laws and regulations, making it easier to understand and keep up with ongoing compliance developments.

Published by Aldrich & Bonnefin, PLC, Compliance Companion® has many useful features including search capabilities, links to internal cross-references and web-based sources, as well as samples of dozens of forms, disclosures and notices.

This compliance resource can also be accessed from your mobile device, making it faster and easier to get the latest information on federal and California laws and regulations governing financial institutions.

For information regarding online subscriptions to Compliance Companion®, contact or call 949-553-0909.

* Janet Bonnefin is retired from the practice of law with the firm.
Copyright © 2024 Aldrich & Bonnefin, PLC* - All Rights Reserved