Skip to content
BOL Conferences Top Gun 23
Thread Options Tools
#1027 - 03/22/01 04:51 PM Privacy Notices
Michele Petry Offline
New Poster
Joined: May 2001
Posts: 7
Can anyone refer me to instructions that state who is responsible for providing the initial notices, new account notices, and annual notices in the case of private brand credit cards?

First, there is the bank whose name is on the application and card, but has nothing to do with the account other than making the application available.

Then there is the servicing bank where the customer mails the application, who approves the application, and who services the account once established.

The servicing bank is named on the application so there is no confusion about where the application is going.


Return to Top
General Discussion
#1028 - 03/23/01 12:53 PM Re: Privacy Notices
RVFlyboy Offline
Power Poster
RVFlyboy
Joined: Oct 2000
Posts: 5,984
Soaring over Georgia
Assuming you are talking about privacy disclosures, let's first talk about GLB privacy then about FCRA privacy. Look to the regulatory definitions of consumer and customer, in both the regulation and in the preamble discussion in the Federal Register release for GLB Privacy. You'll find citations and discussion that show that for the purposes of the bank whose name is on the application and card, the card applicant is a consumer. As such, they would be responsible for sending the applicant a copy of their privacy notice, but they would only be required to do so before sharing any nonpublic financial information with a nonaffiliated third party. They would not have an ongoing annual notice requirement. They could also use the short-form privacy notice specified under GLB. The cardholder, however, would be a customer of the servicing bank. As such, the servicing bank is obligated to provide the cardholder with both an initial disclosure by July 1 or at time of account opening if after July 1 and on an annual basis afterward, as long as the account is open.

With regard to FCRA, the issue is trickier because of the differences between the two laws, the lack of a final rule implementing FCRA privacy provisions from the regulators, and the uncertain status of any such rule. As such, under the existing statutes and FTC guidance for FCRA, the branding bank would only have a disclosure and opt-out obligation if they were going to share nonexperiential information that meets the standard of being consumer report information with their affiliates. If they wanted to engage in such sharing, they would first have to disclose this to the card applicant and provide an opportunity to opt-out of this sharing. Similarly, this requirement also applies to the servicing bank, but here the FCRA notice and opt-out can be combined with the required GLB privacy notice.

Hope this helps.

------------------
Opinions expressed are my own, and do not necessarily reflect those of my employer.

_________________________
Jim Bedsole, CRCM, CBA, CFSA, CAFP
My posts - my opinions

Return to Top