Interagency guidance on compliance with consumer privacy regulations - Announcements - Brief Article

Federal Reserve Bulletin, Jan, 2002

Staff of the federal agencies that supervise banks, thrift institutions, and credit unions issued guidance on December 12, 2001, to help financial institutions comply with these agencies' consumer privacy regulations.

The agencies' regulations implementing the privacy provisions of the Gramm-Leach-Bliley Act of 1999 were issued last year after interagency consultation and coordination. Financial institutions have been required to comply with the privacy rules since July 1, 2001. The agencies' privacy rules are substantially identical, although each agency's rule differs slightly due to the type of financial institutions subject to that agency's jurisdiction. In general, the privacy regulations govern the circumstances under which a financial institution must provide a consumer with a notice explaining the institution's privacy policies and practices and provide a consumer a reasonable opportunity to prevent, or "opt out" of, disclosures of certain information to nonaffiliated third parties.

The staff guidance issued a series of frequently asked questions, or FAQs, covering various aspects of the privacy rules, including the following:

* Which entities are covered by the privacy rules

* When financial institutions must deliver privacy and opt-out notices

* Limits that apply to the use and disclosure of customer information received from an unrelated financial institution

* Limits that apply to the disclosure of customer account numbers

* How to comply with the exception for disclosures under a joint marketing arrangement with an unrelated financial institution.

These FAQs were developed jointly by staff of the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and Office of Thrift Supervision. They consulted with staff of the Commodity Futures Trading Commission, Federal Trade Commission, and Securities and Exchange Commission. Staff of the depository institution agencies may supplement or revise the FAQs as necessary or appropriate in light of further questions and experience.

Each of these agencies will both post the FAQs on its web site and make them available to the financial institutions the agency supervises.