I see quite a variety of privacy policies since SB-1 was passed and then smacked down by the courts. That led me to wonder if my understanding of the current status of GLBA, SB-1 and FCRA is correct.
As I understand things, the affiliate sharing aspects of SB-1 are stayed. Therefore, we DON'T have to give an opt-out for sharing with affiliates but we DO, under FCRA, have to include in our policy notice that we share experiential and transactional info with affiliates.
If we share with another FI pursuant to a financial joint marketing program we DO have to give an opt out. That includes sending a return envelope (customer pays postage) if we provide two other non-costing methods to opt out such as toll-free phone and internet.
If we were to share with nonaffiliated parties, we would have to provide an opt-in. Not even going to dream of that one.
What am I missing?
_________________________
My opinions are not legal advice and are worth what you paid for them.