Skip to content
BOL Conferences
Thread Options
#1205523 - 06/22/09 08:07 PM Non public personal information - business account
DerrickAuditor Offline
Member
Joined: Mar 2008
Posts: 91
USA
I am aware that we need to protect non-public personal information (NPPI) for consumers under GLB Act. It is my understanding that this reg does not apply to business accounts. What about NPPI of the contacts at those businesses?

For instance, may we share a list of business customers, their contacts (e.g. CFOs), their email addresses (some email addresses are personal email addresses like gmail), etc. to a marketing company to perform some surveys on our behalf? I know we don't have to give them an opt-out since this is for marketing purposes, but GLBA generally requires we perform due diligence to ensure the 3rd party will protect the data as well or better than we do. Is the due diligence required since these are business accounts?

Regardless of the reg, I think we should protect all customer data and perform due diligence before we share any customer information, but management wants to know if this would be a regulatory violation.

Thank you.

Return to Top
eBanking / Technology
#1205573 - 06/22/09 08:44 PM Re: Non public personal information - business account DerrickAuditor
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
Reg P doesn't apply to non-consumers, but some states have similar laws that do. I also think it would be foolish to share NPPI about a non-consumer outside the Privacy exemptions. The business may sue you and your institution.

I'm not certain the situation you describe would get you in hot water, but you may still have a customer service issue on your hands. Why not get their permission. They probably won't participate anyway, if you don't ask first.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#1205733 - 06/23/09 12:56 PM Re: Non public personal information - business account David Dickinson
DerrickAuditor Offline
Member
Joined: Mar 2008
Posts: 91
USA
Thank you. I concur that this poses a reputational risk at best. I will continue the fight to not proceed without proper due diligence.

Return to Top

Moderator:  Andy_Z