While the Gramm-Leach-Bliley Act’s privacy protections only regulate financial institutions (businesses that are engaged in banking, insuring, stocks and bonds, financial advice, and investing), third-party vendors, such as title agencies, are under increased scrutiny from lenders because ultimately they will be held responsible for any data security breach, and could be fined by the Consumer Financial Protection Bureau (CFPB).
According to the Federal Trade Commission (FTC) and the Electronic Privacy Information Center (EPIC), these financial institutions, whether they wish to disclose their customers’ personal information or not, “must develop precautions to ensure the security and confidentiality of customer records and information, to protect against any anticipated threats or hazards to the security or integrity of such records, and to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.”
Financial institutions are also required to provide consumers with a notice of their information sharing policies when they first become a customer, and annually thereafter. “That notice must inform the consumer of the financial institutions’ policies on: disclosing nonpublic personal information (NPI) to affiliates and nonaffiliated third parties, disclosing NPI after the customer relationship is terminated, and protecting NPI.”
“Nonpublic personal information” (NPI) means all information on applications to obtain financial services (credit card or loan applications), account histories (bank or credit card) and the fact that an individual is or was a customer. This interpretation of NPI makes names, addresses, telephone numbers, Social Security Numbers and other data subject to the Gramm-Leach-Bliley Act’s data sharing restrictions.
The Gramm-Leach-Bliley Act (GLBA) also gives consumers the right to opt out of a limited amount of NPI sharing. Specifically, a consumer can direct the financial institution to not share information with unaffiliated companies.
Consumers have no right under the GLBA to stop sharing of NPI among affiliates. An affiliate is any company that controls, is controlled by, or is under common control with another company. The individual consumer has absolutely no control over this kind of “corporate family” trading of personal information.