We are a multi-bank holding company. Under the affiliate opt-out rules, we allow a customer of one of our banks to opt-out of sharing of non-public personal information with other banks. My question involves joint account owners. We disclose that we will treat one owner's opt-out as an opt-out for all owners. Scenario: Owner A opts out. We load an opt out code on Owner A's CIF record that blocks affiliate staff from viewing any information on Owner A. It also blocks affiliate staff from pulling up Owner B's info by pulling up the joint account's number. However, if affiliate staff pull up an account owned solely by Owner B, then Owner B's information would be viewable. Is that correct or do we have to completely opt-out Owner B on all accounts if Owner A opts-out on the jointly owned account?

"We disclose that we will treat one owner's opt-out as an opt-out for all owners. "


I don't think you are complying with your own disclosure. This is a customer level opt-out - not the account level.