Thread Options
|
#2227640 - 12/18/19 02:39 PM
Privacy Notice - Sharing with an Affiliate
|
Platinum Poster
Joined: Oct 2006
Posts: 712
PA
|
The changes are as follows:
1. We would like to share “information about your transactions and experience†with our affiliate (ABC Financial Advisors) 2. We would like to share “information about your creditworthiness†with our affiliate (ABC Financial Advisors). 3. “For our affiliates to market to you.†Reasons we can share your personal information Does ABC Bank Share? Can You Limit Sharing For our affiliates’ everyday business purpose- information about your transactions and experiences Yes No For our affiliates’ everyday business purpose- information about your creditworthiness Yes Yes For our affiliates' to market to you Yes Yes Note: When looking at the preview, the responses to "Does ABC Bank Share?" and Can You Limit Sharing" did not line up correctly. The yes and no columns should be under these captions - not sure how it will actually post..
Before we can share we must send out the new Privacy Notice to all customers and have a process to document "opt out" submissions. We can begin sharing information 30 days after the mailing. Under FRCA guidance, the bank will not share the credit report on file. On the deposit side we would access and share the customers total relationship with our affiliate ABC Financial Services. Question: The Privacy Officer says because we want to allow "our affiliates' to market to you" we would have to send the Privacy Notice Annually. Is this correct?
|
Return to Top
|
|
|
|
#2227654 - 12/18/19 04:06 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Power Poster
Joined: Sep 2010
Posts: 2,662
|
Great question, 2old2care. The trick here is that you have requirements of both 1) GLBA/Reg P and 2) FCRA/Reg V. Under GLBA/Reg P, you will be required to provide a one-time notice (under 1016.5(e)(ii) but will not be required to send an annual notice going forward as you are not sharing non-public personal information to nonaffiliated third parties under 1016.5(e)(i).
The FCRA and Reg V require the opt-out for sharing of information with affiliates. These rules, however, do not require an annual notice. The trick with these rules is that you have the option of only permitting the opt-out to last 5 years. If you do this, you would need to give each customer who's opt-out is expiring a chance to renew the opt-out. This could be accomplished through an annual notice under GLBA/Reg P. If, however, you permit your FCRA opt-outs to last through the relationship (or until the customer tells you otherwise), then you wouldn't need to worry about the 5 year renewal option.
In other words, if you only offer an affiliate opt-out, you will be required to send a one-time notice (like you said), but won't need to send an annual notice going forward (assuming you allow your opt-out to last for the entire relationship).
(NOTE: At one point, the rules were different that basically said that if you had an FCRA opt-out you couldn't qualify for the annual notice exemption. Fortunately, that requirement does not exist under the current version of the rule.)
_________________________
Adam Witmer, CRCM All statements are my opinion, not those of my employer, and should not be taken as legal advice. www.compliancecohort.com
|
Return to Top
|
|
|
|
#2227805 - 12/19/19 07:01 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Platinum Poster
Joined: Oct 2006
Posts: 712
PA
|
Thank you so much. The process should be simple, after all it is a Privacy Notice. The hard part is when more than one regulation is in play. Your response is very clear an concise. I so appreciate you taking the time to respond.
|
Return to Top
|
|
|
|
#2227981 - 12/24/19 05:59 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Diamond Poster
Joined: Mar 2013
Posts: 1,266
|
If you change your Privacy Notice because you've entered into a joint marketing agreement with another financial company (Elan), do you need to disclose to all customers and provide an opt-out?
|
Return to Top
|
|
|
|
#2227982 - 12/24/19 06:29 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Power Poster
Joined: Nov 2004
Posts: 5,925
So Cal
|
If you previously did not share information for joint marketing with other financial companies and you now intend to, then you would have to provide an updated Privacy Notice and opportunity to opt-out, as well as provide a reasonable amount of time for opt-outs prior to sharing the information. Section 1016.8
_________________________
I've just writed a wrong.
|
Return to Top
|
|
|
|
#2227983 - 12/24/19 06:49 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Platinum Poster
Joined: Jun 2014
Posts: 568
Petersburg, VA
|
Section 1016.8 doesn't apply because they would fall under the 1016.13 exemption for joint marketing, assuming they have a compliant joint marketing agreement. There is no opt-out for non-affiliated joint marketing.
I believe in this case, if you haven't already disclosed joint marketing agreements on your initial privacy policy disclosure, you just lose your exemption for the annual disclosure under 1016.5.
(e) Exception to annual privacy notice requirement. (1) When exception available. You are not required to deliver an annual privacy notice if you: (i) Provide nonpublic personal information to nonaffiliated third parties only in accordance with the provisions of § 1016.13, § 1016.14, or § 1016.15; and (ii) Have not changed your policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed to the customer under § 1016.6(a)(2) through (5) and (9) in the most recent privacy notice provided pursuant to this part.
|
Return to Top
|
|
|
|
#2227985 - 12/26/19 12:36 PM
Re: Privacy Notice - Sharing with an Affiliate
Mel in WA
|
Power Poster
Joined: Sep 2010
Posts: 2,662
|
If you change your Privacy Notice because you've entered into a joint marketing agreement with another financial company (Elan), do you need to disclose to all customers and provide an opt-out? If you changed your privacy notice in regards to 1016.13 (joint marketing), then you have to provide a one-time redisclosure under 1016.5(e)(2) but still do not need an annual notice going forward (after the one-time notice) and don't need an opt-out - assuming no other changes are made. For a quick citation, as this can be confusing, we look at the exceptions to the annual notice in 1016.5(e)(1)(ii) that says you do not need to send an annual notice if you: "(ii) Have not changed your policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed to the customer under § 1016.6(a)(2) through (5) and (9) in the most recent privacy notice provided pursuant to this part."For clarification, 1016.6 (5) says this: " (5) If you disclose nonpublic personal information to a nonaffiliated third party under §1016.13 (and no other exception in §1016.14 or §1016.15 applies to that disclosure), a separate statement of the categories of information you disclose and the categories of third parties with whom you have contracted;The example in 1016.5(e)(2)(iii)(B) applies in your situation: " (B) You change your policies and practices in such a way that you no longer meet the requirements of paragraph (e)(1) of this section, and so provide an annual notice to your customers. After providing the annual notice to your customers, you once again meet the requirements of paragraph (e)(1) of this section for an exception to the annual notice requirement. You do not need to provide additional annual notices to your customers until such time as you no longer meet the requirements of paragraph (e)(1) of this section."
_________________________
Adam Witmer, CRCM All statements are my opinion, not those of my employer, and should not be taken as legal advice. www.compliancecohort.com
|
Return to Top
|
|
|
|
#2231885 - 02/27/20 03:45 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Member
Joined: Dec 2008
Posts: 76
Pennsylvania
|
To follow-up on this string, if a Bank changes their sharing practices for marketing purposes and provides customers with an updated privacy policy via a statement insert, is an additional message/letter required to alert the customers of the change?
|
Return to Top
|
|
|
|
#2231890 - 02/27/20 03:55 PM
Re: Privacy Notice - Sharing with an Affiliate
2old2care
|
Power Poster
Joined: Sep 2010
Posts: 2,662
|
No. There is no requirement to send an additional message/letter since you provided an updated privacy policy, but you certainly could do so for PR/customer relations purposes.
_________________________
Adam Witmer, CRCM All statements are my opinion, not those of my employer, and should not be taken as legal advice. www.compliancecohort.com
|
Return to Top
|
|
|
|
|
|