§ 6802. — Obligations with respect to disclosures of personal information.
[Laws in effect as of January 24, 2002]
[Document not affected by Public Laws enacted between
January 24, 2002 and December 19, 2002]
[CITE: 15USC6802]
TITLE 15--COMMERCE AND TRADE
CHAPTER 94--PRIVACY
SUBCHAPTER I--DISCLOSURE OF NONPUBLIC PERSONAL INFORMATION
Sec. 6802. Obligations with respect to disclosures of personal
information
(a) Notice requirements
Except as otherwise provided in this subchapter, a financial
institution may not, directly or through any affiliate, disclose to a
nonaffiliated third party any nonpublic personal information, unless
such financial institution provides or has provided to the consumer a
notice that complies with section 6803 of this title.
(b) Opt out
(1) In general
A financial institution may not disclose nonpublic personal
information to a nonaffiliated third party unless--
(A) such financial institution clearly and conspicuously
discloses to the consumer, in writing or in electronic form or
other form permitted by the regulations prescribed under section
6804 of this title, that such information may be disclosed to
such third party;
(B) the consumer is given the opportunity, before the time
that such information is initially disclosed, to direct that
such information not be disclosed to such third party; and
(C) the consumer is given an explanation of how the consumer
can exercise that nondisclosure option.
(2) Exception
This subsection shall not prevent a financial institution from
providing nonpublic personal information to a nonaffiliated third
party to perform services for or functions on behalf of the
financial institution, including marketing of the financial
institution's own products or services, or financial products or
services offered pursuant to joint agreements between two or more
financial institutions that comply with the requirements imposed by
the regulations prescribed under section 6804 of this title, if the
financial institution fully discloses the providing of such
information and enters into a contractual agreement with the third
party that requires the third party to maintain the confidentiality
of such information.
(c) Limits on reuse of information
Except as otherwise provided in this subchapter, a nonaffiliated
third party that receives from a financial institution nonpublic
personal information under this section shall not, directly or through
an affiliate of such receiving third party, disclose such information to
any other person that is a nonaffiliated third party of both the
financial institution and such receiving third party, unless such
disclosure would be lawful if made directly to such other person by the
financial institution.
(d) Limitations on the sharing of account number information for
marketing purposes
A financial institution shall not disclose, other than to a consumer
reporting agency, an account number or similar form of access number or
access code for a credit card account, deposit account, or transaction
account of a consumer to any nonaffiliated third party for use in
telemarketing, direct mail marketing, or other marketing through
electronic mail to the consumer.
(e) General exceptions
Subsections (a) and (b) of this section shall not prohibit the
disclosure of nonpublic personal information--
(1) as necessary to effect, administer, or enforce a transaction
requested or authorized by the consumer, or in connection with--
(A) servicing or processing a financial product or service
requested or authorized by the consumer;
(B) maintaining or servicing the consumer's account with the
financial institution, or with another entity as part of a
private label credit card program or other extension of credit
on behalf of such entity; or
(C) a proposed or actual securitization, secondary market
sale (including sales of servicing rights), or similar
transaction related to a transaction of the consumer;
(2) with the consent or at the direction of the consumer;
(3)(A) to protect the confidentiality or security of the
financial institution's records pertaining to the consumer, the
service or product, or the transaction therein; (B) to protect
against or prevent actual or potential fraud, unauthorized
transactions, claims, or other liability; (C) for required
institutional risk control, or for resolving customer disputes or
inquiries; (D) to persons holding a legal or beneficial interest
relating to the consumer; or (E) to persons acting in a fiduciary or
representative capacity on behalf of the consumer;
(4) to provide information to insurance rate advisory
organizations, guaranty funds or agencies, applicable rating
agencies of the financial institution, persons assessing the
institution's compliance with industry standards, and the
institution's attorneys, accountants, and auditors;
(5) to the extent specifically permitted or required under other
provisions of law and in accordance with the Right to Financial
Privacy Act of 1978 [12 U.S.C. 3401 et seq.], to law enforcement
agencies (including a Federal functional regulator, the Secretary of
the Treasury with respect to subchapter II of chapter 53 of title
31, and chapter 2 of title I of Public Law 91-508 (12 U.S.C.
1951-1959), a State insurance authority, or the Federal Trade
Commission), self-regulatory organizations, or for an investigation
on a matter related to public safety;
(6)(A) to a consumer reporting agency in accordance with the
Fair Credit Reporting Act [15 U.S.C. 1681 et seq.], or (B) from a
consumer report reported by a consumer reporting agency;
(7) in connection with a proposed or actual sale, merger,
transfer, or exchange of all or a portion of a business or operating
unit if the disclosure of nonpublic personal information concerns
solely consumers of such business or unit; or
(8) to comply with Federal, State, or local laws, rules, and
other applicable legal requirements; to comply with a properly
authorized civil, criminal, or regulatory investigation or subpoena
or summons by Federal, State, or local authorities; or to respond to
judicial process or government regulatory authorities having
jurisdiction over the financial institution for examination,
compliance, or other purposes as authorized by law.
(Pub. L. 106-102, title V, Sec. 502, Nov. 12, 1999, 113 Stat. 1437.)
References in Text
This subchapter, referred to in subsecs. (a) and (c), was in the
original "this subtitle", meaning subtitle A (Sec. 501 et seq.) of
title V of Pub. L. 106-102, Nov. 12, 1999, 113 Stat. 1436, which enacted
this subchapter and amended section 1681s of this title. For complete
classification of subtitle A to the Code, see Tables.
The Right to Financial Privacy Act of 1978, referred to in subsec.
(e)(5), is title XI of Pub. L. 95-630, Nov. 10, 1978, 92 Stat. 3697, as
amended, which is classified generally to chapter 35 (Sec. 3401 et seq.)
of Title 12, Banks and Banking. For complete classification of this Act
to the Code, see Short Title note set out under section 3401 of Title 12
and Tables.
Chapter 2 of title I of Public Law 91-508, referred to in subsec.
(e)(5), is chapter 2 (Secs. 121-129) of title I of Pub. L. 91-508, Oct.
26, 1970, 84 Stat. 1116, which is classified generally to chapter 21
(Sec. 1951 et seq.) of Title 12, Banks and Banking. For complete
classification of chapter 2 to the Code, see Tables.
The Fair Credit Reporting Act, referred to in subsec. (e)(6)(A), is
title VI of Pub. L. 90-321, as added by Pub. L. 91-508, title VI,
Sec. 601, Oct. 26, 1970, 84 Stat. 1127, as amended, which is classified
generally to subchapter III (Sec. 1681 et seq.) of chapter 41 of this
title. For complete classification of this Act to the Code, see Short
Title note set out under section 1601 of this title and Tables.
Section Referred to in Other Sections
This section is referred to in sections 6803, 6804, 6809 of this
title.