17 CFR 248.8 - Revised privacy notices.

§ 248.8 Revised privacy notices.

(a)General rule. Except as otherwise authorized in this subpart, you must not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party other than as described in the initial notice that you provided to that consumer under § 248.4, unless:

(1) You have provided to the consumer a clear and conspicuous revised notice that accurately describes your policies and practices;

(2) You have provided to the consumer a new opt out notice;

(3) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and

(4) The consumer does not opt out.

(b)Examples.

(1) Except as otherwise permitted by §§ 248.13, 248.14, and 248.15, you must provide a revised notice before you:

(i) Disclose a new category of nonpublic personal information to any nonaffiliated third party;

(ii) Disclose nonpublic personal information to a new category of nonaffiliated third party; or

(iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.

(2) A revised notice is not required if you disclose nonpublic personal information to a new nonaffiliated third party that you adequately described in your prior notice.

(c)Delivery. When you are required to deliver a revised privacy notice by this section, you must deliver it according to § 248.9.

Title 17 published on 09-May-2017 03:50

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 17 CFR Part 248 after this date.

  • 2013-04-19; vol. 78 # 76 - Friday, April 19, 2013
    1. 78 FR 23638 - Identity Theft Red Flags Rules
      GPO FDSys XML | Text
      SECURITIES AND EXCHANGE COMMISSION, COMMODITY FUTURES TRADING COMMISSION
      Joint final rules and guidelines.
      Effective date: May 20, 2013; Compliance date: November 20, 2013.
      17 CFR Part 162