12 CFR 40.8 - Revised privacy notices.

§ 40.8 Revised privacy notices.
(a) General rule. Except as otherwise authorized in this part, a bank must not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party other than as described in the initial notice that the bank provided to that consumer under § 40.4, unless:
(1) The bank has provided to the consumer a clear and conspicuous revised notice that accurately describes its policies and practices;
(2) The bank has provided to the consumer a new opt out notice;
(3) The bank has given the consumer a reasonable opportunity, before the bank discloses the information to the nonaffiliated third party, to opt out of the disclosure; and
(4) The consumer does not opt out.
(b) Examples.
(1) Except as otherwise permitted by §§ 40.13, 40.14, and 40.15, a bank must provide a revised notice before it:
(i) Discloses a new category of nonpublic personal information to any nonaffiliated third party;
(ii) Discloses nonpublic personal information to a new category of nonaffiliated third party; or
(iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.
(2) A revised notice is not required if the bank discloses nonpublic personal information to a new nonaffiliated third party that the bank adequately described in its prior notice.
(c) Delivery. When a bank is required to deliver a revised privacy notice by this section, the bank must deliver it according to § 40.9.

Title 12 published on 2014-01-01

no entries appear in the Federal Register after this date.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code