When may a financial institution share consumer information with non-affiliated third parties for marketing purposes?
When may a financial institution share consumer information with non-affiliated third parties for marketing purposes?
A financial institution can share consumer information with non-affiliated third parties for marketing purposes only after disclosing their information-sharing practices to customers and providing them with an opportunity to opt out. This ensures that consumers have control over whether their nonpublic personal information is shared with non-affiliated parties.
The answer is C. That financial institution must provide consumers the right to opt out of having their nonpublic personal information shared with nonaffiliated third parties (subject to significant exceptions, such as joint marketing agreements between other financial institutions, and processing of consumer transactions) but in any case, must provide a privacy notice to disclose this. There is no right of a consumer to be afforded an opportunity to opt-in under GLBA.
Consumers must opt-in before a financial institution may share financial information with a non-affiliated third party. A is right answer. Can someone confirm?
https://www.ecfr.gov/current/title-12/chapter-X/part-1022/subpart-C Example. A consumer has a homeowner's insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated creditor. Based on that eligibility information, the creditor wants to make a solicitation to the consumer about its home equity loan products. The creditor does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The creditor is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out.
§ 1022.21 Affiliate marketing opt-out and exceptions. (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and
Hey boats. Love your responses in general, but I think you're off here. You're (correctly) addressing a situation in which the third party is *affiliated*. Here, the prompt states the the third party is *not* affiliated.
https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act "If you share their NPI with nonaffiliated third parties outside of three exceptions (see "Exceptions"), you must give your consumers and customers an "opt-out notice" that clearly and conspicuously describes their right to opt out of the information being shared. An opt-out notice must be delivered with a privacy notice, and it can be part of the privacy notice."
Correct Answer is C. information with nonaffiliated companies and other third parties, but only after disclosing information-sharing practices to customers and providing them with the opportunity to opt out.
A financial institution may also share consumer information with nonaffiliated companies and other third parties, but only after disclosing information-sharing practices to customers and providing them with the opportunity to opt out. IAPP 9.3.2 (page 233). The correct answer is C.
The Gramm-Leach-Bliley Act seeks to protect consumer financial privacy. Its provisions limit when a "financial institution" may disclose a consumer's "nonpublic personal information" to nonaffiliated third parties. The law covers a broad range of financial institutions, including many companies not traditionally considered to be financial institutions because they engage in certain "financial activities." Financial institutions must notify their customers about their information-sharing practices and tell consumers of their right to "opt-out" if they don't want their information shared with certain nonaffiliated third parties. In addition, any entity that receives consumer financial information from a financial institution may be restricted in its reuse and redisclosure of that information.
Note: While the GLB Act does not require you to provide an opt-out notice if you only disclose NPI to affiliates, if you share certain information with your affiliates, you may have an obligation to provide an opt-out notice under the Fair Credit Reporting Act. That opt-out notice must be included in your GLB privacy notice