Under the Financial Modernization Act, customers of a financial institution have certain rights that limit how the financial institution may use a customer’s personal information. The financial institution is required to provide its customers with a privacy notice that explains which information about the customer is kept private and what information is considered public and can be shared with other people or institutions. The notice must also tell the customers how they can opt-out of having certain information shared with the public if they so choose.
What Should the Privacy Notice Contain?
The privacy notice a financial institution provides to its customers should be a clear and accurate statement of the company’s privacy practices. The notice pertains to any personal information the company gathers about its customers that is not to be shared with the general public (this includes most, if not all, personal information).
The notice should describe what kind of information the company collects about its customers, who it shares the information with, and how it safeguards that information.
Note that the privacy notice is automatically sent to customers once a year.
Can I “Opt-Out” If My Information Will Be Given to Other Institutions?
The privacy notice should also explain that a customer has a right to "opt-out" of having certain information shared with third-parties. The notice must illustrate a reasonable method by which the customer can notify their financial institution of their choice to "opt-out" of having their information shared.
There are several situations in which a customer cannot elect to "opt-out" of having their personal information shared by their financial institution:
- When the financial institution shares the information with third-parties that provide essential services like data processing or servicing accounts
- When the disclosure is legally required
- When the information is shared with third-parties that market the financial company’s products and services
Limits to How Third-Party Companies Can Use Personal Information
When your financial institution does provide non-public information to a third-party, that third-party cannot use it for marketing or selling the information to other parties. The only exception to this is if there was an "opt-out" option that the customer chose not to use. In that case the third-party may lawfully elect to distribute the information to others in a manner consistent with the privacy notice.
Should I Contact a Lawyer?
If you feel your right to financial privacy has been violated by your financial institution, make sure to first lodge a complaint with the institution. If you are not satisfied by their method of remedying the problem, you may want to contact an attorney. In addition, you may be entitled to money damages stemming from the violation of your rights.