Karen Sue, I think the most important part of this question is: what, specifically, is being shared?
Under FCRA, you CAN share 'transaction & experience' information WITHOUT opt-out. It's when you share more than that (going in either direction) that opt-out comes into question.
The thing we've been grappling with is how to make a CRM / MCIF system work corporation-wide. For instance, I can share T&E from bank to insurance company without opt-out, but where does basic demographic stuff fall (like date of birth, home phone number, employer, etc.)?
Now, we understand that things we capture from a credit report like credit score or the fact that the customer has a mortgage with Chase can not be shared without opt-out. But what about this stuff that isn't directly addressed under FCRA? Makes the whole corporate-wide CRM system much more difficult to manage.
I guess my best advice is, know what specific information is made available to employees of the different affiliates, and make a determination whether the FCRA opt out applies.
Opinions are Bartman's, not those of my employer. "A noble spirit embiggens the smallest man."