>>Return to Bulletins
BUREAU OF BANKING
Department of Professional and Financial Regulation
State of Maine
July 9, 2001
Privacy of Consumer Financial Information
On May 24, 2001, Governor Angus S. King, Jr., signed PL 2001, c. 262, "An Act to Conform the State’s Financial Services Privacy Laws with Federal Law". The changes to the Maine Banking Code (Title 9-B MRSA Chapter 16) incorporated in c. 262 will not take effect until September 21, 2001. The federal privacy rules implementing the Gramm-Leach-Bliley Act of 1999 (GLB) became effective July 1, 2001. The Bureau of Banking is providing this Bulletin to financial institutions in Maine to address transitional issues arising from the differing effective dates implementing state and federal privacy law changes. This Bulletin also identifies consumer issues and regulatory concerns that should be addressed by each institution to effectively provide the privacy protections and notices required under state and federal law.
- Transitional Issues
Title 9-B MRSA Chapter 16 requires that financial records held by each financial institution authorized to do business in this state (as defined in Title 9-B §17-A) or credit union authorized to do business in Maine (as defined in Title 9-B §12-A) be kept confidential, and prohibits the sharing of those records outside of the exceptions provided in the law unless: (1) the institution receives prior authorization from the customer or agent; (2) such disclosure is in response to legal process, or (3) such disclosure is in response to a request by the Department of Human Services for purposes related to establishing, modifying or enforcing a child support order.
Title 9-B MRSA Chapter 16 applies to financial records held by both state and federally chartered financial institutions or credit unions. Effective September 21, 2001, Title 9-B MRSA Chapter 16 will be modified by c. 262 to adopt the broader federal definitions of financial records and provide financial institutions and credit unions authorized to do business in Maine with the authority to share consumer financial information in accordance with GLB. However, federal rules governing privacy became effective on July 1, 2001. While financial institutions that have complied with GLB and its implementing rules may be permitted, under federal law, to share certain information contained in confidential financial records, institutions are reminded that, until September 21, 2001, state law is more restrictive regarding the sharing of consumer information, and financial institutions and credit unions should be mindful of the implications of releasing that information prematurely. At a minimum, banks and credit unions should review their systems for sharing consumer information (under GLB :"opt-out") with respect to information gathered from loan or deposit account customers. The most prudent approach would be to delay the sharing of consumer information until the effective date of the new Maine law. During this interim period, the Bureau is prepared to take enforcement action for an institution’s failure to comply with Maine law. Finally, institutions should be aware that Title 9-B Chapter 16 also prohibits the disclosure of confidential financial records held for commercial customers except under certain circumstances and exceptions. Those state law protections for commercial accounts have not been altered with the changes incorporated in c.262 and institutions should maintain programs that protect the integrity of those account relationships.
- Privacy Notices
Under the federal privacy laws, a financial institution or credit union must provide each of its customers, that are consumers, with an annual privacy notice. The first, or initial, privacy notice must describe what types of nonpublic personal information are collected, how that information is used by the financial institution or credit union, and if the financial institution or credit union shares consumer nonpublic personal information outside of the limitations under GLB. If the financial institution or credit union does share information, then the consumer must be given a reasonable opportunity to say no to sharing, or "opt-out". There has been great deal of confusion resulting from these mailings and the Bureau has received numerous calls from Maine consumers who have raised the following issues regarding privacy notices:
- They are confusing and hard to read.
- The print is very small and difficult for the visually impaired.
- The "opt-out" is not specifically addressed, or inadequately addressed.
- The privacy notices are included with other promotional material and, therefore, are easily overlooked.
- Some institutions are requiring an unreasonably long period of time with which to implement a consumer’s "opt-out" preference.
- Institution staff responding to consumer calls are providing inadequate responses to questions on privacy.
These issues are of considerable concern to the Bureau of Banking. Institutions should review their individual policies and practices to assure that consumers receive privacy notices that are clear and easily understood. Staff responsible for answering consumer questions should be trained to respond to privacy issues or direct inquiries to the appropriate person in the institution.
In order to facilitate communication between the Bureau, the regulated community, and Maine consumers, each financial institution or credit union is asked to provide the following information to the Bureau of Banking by July 26, 2001:
Name of Institution
A copy of the institution’s privacy notice
Consumer Toll Free # (if available)
Please provide this information via e-mail to Jolynn Oldfield (firstname.lastname@example.org) or mail to: Bureau of Banking, 36 State House Station , Augusta, Maine 04333-0036.
The regulated community should continue to educate Maine citizens as to their rights and responsibilities under both federal and state privacy laws. To that end, the Department of Professional & Financial Regulation, including the Bureau of Banking, will embark upon an educational campaign in the near future to provide that essential consumer education. The Bureau is quite willing to work with Maine financial institutions and credit unions in this endeavor.
Should you have any questions regarding the foregoing, please do not hesitate to contact Colette Mooney, Deputy Superintendent of the Bureau of Banking at (207) 624-8574 or via e-mail at email@example.com.
/s/ Howard R. Gray, Jr
Superintendent of Banking
Note: This Bulletin is intended for informational purposes. It is not intended to set forth the legal rights, duties, or privileges nor is it intended to provide legal advice. Readers are encouraged to consult applicable statutes and regulations and to contact the Bureau of Banking if additional information is needed.