Can someone identify for me who are included in the Section 14 exception regarding third-party service providers under GLBA safeguarding rules. Or can you tell me where I can locate this information. I am particularly interested in whether credit bureau agencies are included.

Section 502(e) exceptions of GLBA lists several exceptions to the reuirements that would apploy otherwise to a bank's disclosure of nonpublic personal information to nonaffiliated third parties. These exceptions. contained ins ections 40.14 and 40.15 of the OCC's rule, generally are intended to permit a bank to continue sharing information as needed to conduct routine business transactions, such as disclosures made in connection with administration, processing, servicing, or sale of a consumer's account. When a bank shares information under any of these exceptions, it need not provide a consumer with an opportunity to opt out of the information sharing, but it still must provide privacy notices to its customers. The credit bureau would be considered a nonaffiliated third party vendor, necessary to provide routine business. But other aspects must be considered such as FCRA and any signature requirements to "pull" a credit report.

Opinions are mine not my employer. I am not an attorney so no legal advice intended.