12 CFR 40.10 - Limits on disclosure of non-public personal information to nonaffiliated third parties.

prev | next
§ 40.10 Limits on disclosure of non-public personal information to nonaffiliated third parties.
(a)
(1) Conditions for disclosure. Except as otherwise authorized in this part, a bank may not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless:
(i) The bank has provided to the consumer an initial notice as required under § 40.4;
(ii) The bank has provided to the consumer an opt out notice as required in § 40.7;
(iii) The bank has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure; and
(iv) The consumer does not opt out.
(2) Opt out definition. Opt out means a direction by the consumer that the bank not disclose nonpublic personal information about that consumer to a nonaffiliated third party, other than as permitted by §§ 40.13, 40.14, and 40.15.
(3) Examples of reasonable opportunity to opt out. A bank provides a consumer with a reasonable opportunity to opt out if:
(i) By mail. The bank mails the notices required in paragraph (a)(1) of this section to the consumer and allows the consumer to opt out by mailing a form, calling a toll-free telephone number, or any other reasonable means within 30 days from the date the bank mailed the notices.
(ii) By electronic means. A customer opens an on-line account with a bank and agrees to receive the notices required in paragraph (a)(1) of this section electronically, and the bank allows the customer to opt out by any reasonable means within 30 days after the date that the customer acknowledges receipt of the notices in conjunction with opening the account.
(iii) Isolated transaction with consumer. For an isolated transaction, such as the purchase of a cashier's check by a consumer, a bank provides the consumer with a reasonable opportunity to opt out if the bank provides the notices required in paragraph (a)(1) of this section at the time of the transaction and requests that the consumer decide, as a necessary part of the transaction, whether to opt out before completing the transaction.
(b) Application of opt out to all consumers and all nonpublic personal information. (1) A bank must comply with this section, regardless of whether the bank and the consumer have established a customer relationship.
(2) Unless a bank complies with this section, the bank may not, directly or through any affiliate, disclose any nonpublic personal information about a consumer that the bank has collected, regardless of whether the bank collected it before or after receiving the direction to opt out from the consumer.
(c) Partial opt out. A bank may allow a consumer to select certain nonpublic personal information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out.

Title 12 published on 2015-01-01.

No entries appear in the Federal Register after this date, for 12 CFR Part 40.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code