(a) General rule. Except as otherwise authorized in this part, you must not, directly or
through any affiliate, disclose any nonpublic personal information about a consumer to a
nonaffiliated third party other than as described in the initial notice that you provided to that
consumer under § 216.4, unless:
(i) You have provided to the consumer a revised notice that accurately describes your policies and practices;
(ii) You have provided to the consumer a new opt out notice;
(iii) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and
(iv) The consumer does not opt out.
(b) Examples–(1) Except as otherwise permitted by §§ 216.13, 216.14, and 216.15, you
must provide a revised notice before you:
(i) Disclose a new category of nonpublic personal information to any nonaffiliated third party;
(ii) Disclose nonpublic personal information to a new category of nonaffiliated third party; or
(iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.
(2) A revised notice is not required if you disclose nonpublic personal information to a new nonaffiliated third party that you adequately described in your prior notice.
(c) Delivery. When you are required to deliver a revised privacy notice by this section,
you must deliver it according to § 216.9.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
