12 CFR 40.8 - Revised privacy notices.
(a) General rule. Except as otherwise authorized in this part, a bank must not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party other than as described in the initial notice that the bank provided to that consumer under § 40.4, unless:
(1) The bank has provided to the consumer a clear and conspicuous revised notice that accurately describes its policies and practices;
(3) The bank has given the consumer a reasonable opportunity, before the bank discloses the information to the nonaffiliated third party, to opt out of the disclosure; and
(1) Except as otherwise permitted by §§ 40.13, 40.14, and 40.15, a bank must provide a revised notice before it:
(iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.
(2) A revised notice is not required if the bank discloses nonpublic personal information to a new nonaffiliated third party that the bank adequately described in its prior notice.
(c) Delivery. When a bank is required to deliver a revised privacy notice by this section, the bank must deliver it according to § 40.9.
Title 12 published on 2014-01-01
no entries appear in the Federal Register after this date.