What Is the GLBA Privacy Rule

In 2011, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) transferred regulatory authority for most of Subtitle V of the GLBA to the Bureau of Consumer Financial Protection from the Board of Governors of the Federal Reserve System, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Federal Deposit Insurance Corporation, and the Federal Trade Commission (in part) (see 12 C.F.R. § 1016). Secondly, the deletion of certain normally foreseen examples, which are not applicable to car dealers, will not affect the existing information-gathering requirements. If you share your DPA with unaffiliated third parties, with three exceptions (see "Exceptions"), you must provide your consumers and customers with a "takedown notice" that clearly describes their right to opt out of the information shared. An opt-out notice must be provided with a privacy policy and may form part of the privacy policy. An overview of the data protection requirements of the GLB Act is available online. This guide provides more detailed information than the overview to help you comply with the requirements of the data protection rule to protect consumers' financial information. It is written for businesses that provide financial products or services to individuals for personal, family or household use. Before sharing NPI with unaffiliated third parties outside of the exceptions (see "Exceptions"), you must provide your non-customer consumers with a privacy policy, including a notice of opt-out.

If you don't share information with unaffiliated third parties, or if you only share as part of the exceptions, you don't have to give your consumers a privacy policy. The proposed amendment to paragraph 313.1(b) limited the description of the scope of the data protection provision to entities set out in the Dodd-Frank Act: [26] Those engaged primarily in the sale and maintenance of motor vehicles or the rental and maintenance of motor vehicles, with the exception of dealers who lend directly to consumers and do not systematically transfer credit renewals to an unaffiliated third party. In addition, the reference to "other persons" has been removed from the scope of the rule, as the Commission no longer has regulatory power for the data protection rule concerning "other persons". Finally, the proposed amendments removed from Section 313.1(b) the notice that (1) the privacy rule does not modify, limit, or replace the standards of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and (2) if a financial institution that is a higher education institution complies with the federal Education Rights and Privacy Act ("FERPA") and its implementing regulations, this entity is considered compliant with the data protection rule. The Privacy Policy describes how you collect, disclose and protect DPCs. The GLBA clearly outlines what you need to communicate to customers and consumers in communication. This could include: GLBA is divided into three main sections, each of which defines a subset of rules that govern compliance. The three sections are as follows: Under Title V, Subheading A, Section 501 describes the "protection of non-public personal information" and states that "every financial institution has a positive and enduring obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information" (15 U.S.C. § 6801).

In addition, financial regulators must "establish appropriate administrative, technical, and physical standards of protection" that: An individual consumer asked how often a business must engage in ancillary activity to be considered a financial institution. [41] As with other financial activities under the current regime, an entity is a financial institution only if it has a "significant interest" in ancillary activities. This rule, often referred to as the confidentiality rule, imposes requirements on how organizations can collect and disclose private financial data. An organization must make a "clear and visible" statement of its privacy policy at the beginning of a customer relationship. Thereafter, clients must receive an annual termination for the duration of the relationship, unless the organization meets certain criteria. If you are a financial institution, your obligations vary depending on whether your customers are "customers" or "consumers". In short, the privacy rule requires you to inform all your "customers" of your privacy practices and, if you share their information in certain ways, also to your "consumers".

3. FTC Final Privacy Rule, 65 FR 33645 (May 24, 2000), available at www.federalregister.gov/documents/2000/05/24/00-12755/privacy-of-consumer-financial-information; NCUA Final Privacy Rule, 65 FR 31722 (May 18, 2000), available at www.federalregister.gov/documents/2000/05/18/00-12014/privacy-of-consumer-financial-information-requirements-for-insurance; SEC Final Privacy Rule, 65 FR 40333 (June 29, 2000), available at www.federalregister.gov/documents/2000/06/29/00-16269/privacy-of-consumer-financial-information-regulation-s-p; CFTC Final Privacy Rule, 66 FR 21235 (April 27, 2001), available at www.federalregister.gov/documents/2001/04/27/01-10398/privacy-of-consumer-financial-information. A Privacy Statement describes the financial institution's policies and practices regarding the sharing of non-public personal information with unaffiliated and affiliated third parties and includes: To reflect the amendments to the Dodd-Frank Act and the FAST Act, the amendments amend the scope and definition of the confidentiality rule for "financial institution"; modification of the annual notice requirement; and delete some examples as a general rule, which do not apply to motor vehicle dealers. With this measure, the Commission clarifies the current and narrow scope of the provision. In addition, by amending the definition of "financial institution" to car dealers engaged in "ancillary activities related to financial activities", the data protection regime will be aligned with the rules of other authorities. The amendments do not modify or supplement the information collection requirements previously approved by the OMB. First, the Commission expects that the extension of the definition of "financial institution" to entities carrying out ancillary activities related to financial activities will have little or no impact. It is not certain that intermediaries who are also motor vehicle dealers are not already covered by the rule because of their activity as motor vehicle dealers.

8. Repeal of Rules, 77 FR 22200, 22201 (April 13, 2012), available at www.federalregister.gov/documents/2012/04/13/2012-8748/rescission-of-rules (also repeal of provisions for which regulation-making authority was transferred to the CFPB under the Dodd-Frank Act). If your business is a financial institution, the consumer financial privacy rule applies to your business and you must therefore comply with the privacy policies described in the section above. The Commission sought an opinion on whether there were intermediaries that would fall under the proposed rule and not under the current rule.