Financial Privacy Rights - Frequently Asked Questions

NOTE: These FAQs summarize your rights under the privacy laws that apply to the financial services industry in general. Laws regulating specific types of financial services, such as banking, insurance, or investments, may provide some additional protections. For further information, you may consult the individual agency web pages listed below.

I have been receiving privacy notices in the mail from my bank and credit union, finance company, insurance company, and investment firm. What is this all about?

In 1999 the Federal government passed a law called the Gramm-Leach-Bliley Act. The law requires these institutions to send you a notice regarding your privacy rights by July 1, 2001. In the notices, the companies must tell you what information they collect about you and with whom they share that information. Further, they must offer you an opportunity to "opt-out" of having your information shared beyond exceptions provided by law.

What exactly is Gramm-Leach-Bliley and who does it affect?

Gramm-Leach-Bliley ("GLB") is also known as the Financial Services Modernization Act. It removed most of the legal barriers that previously existed between the banking, insurance, and securities industries. GLB established consumer privacy standards, including notice requirements, limits on information sharing, and requirements to protect the confidentiality and security of personal information.

Banks, credit unions, mortgage companies, finance companies, insurance companies, insurance agents, and investment firms are all subject to Gramm-Leach-Bliley. The law also applies to some retailers and automobile dealers that collect and share information about consumers to whom they extend credit or for whom they arrange credit.

Some of these notices use words like "opt out." What does this mean?

"Opt out" means that you have an opportunity to say no ("opt out") before a financial institution shares information about you. Generally, Gramm-Leach-Bliley requires that consumers be given the right to "opt out" before personal information about them is shared with companies outside of the corporate family. If you exercise your right to "opt out," then (with the limited exceptions discussed below) the institution may not share nonpublic personal information about you with companies that are not part of the same parent organization. It is up to you to tell the company if you don't want your personal financial information shared without your permission. If you do not opt out, the company may share information with third parties in the way it describes in the notice it sends you.

What do they mean when they say they share information "as permitted by law"?

There are certain uses of nonpublic personal information for ordinary business purposes that are exceptions to the "opt out" right. These are often described in generic terms in privacy notices, using language such as "disclosures permitted by law." For example, personal information about you may be disclosed to carry out a transaction you have requested, to service your account, to prevent fraud, as part of an examination by regulators, or to an auditor, rating agency, or prospective buyer of the institution. In addition, information other than health information may be shared within the corporate family or under joint marketing agreements with other institutions. In all these cases, the third party receiving the personal information must protect its confidentiality and may not use or disclose the information for other purposes.

What kind of information can be shared if I do not opt out?

Any information that the institution may share with companies outside of the corporate family must be described in the privacy notice you receive. The types of personal financial information that may be shared if you do not opt out include:

Information you put on an application to obtain a loan, credit card, or other financial product or service;
Account balance information, payment history, overdraft history, investments purchased or owned and credit or debit card purchase information;
The fact that you are a customer;
Any information provided by you in connection with collecting or servicing a loan;
Information provided by you for purposes of analyzing your investments;
Information collected through an Internet "cookie";
Information from a consumer report.

What kind of a notice does the institution have to give to me about its privacy policy?

GLB requires the institution to give you a privacy notice that describes the types of information collected by the institution and, if the institution might share your information, the types of businesses with which the information might be shared. This notice must first be provided to existing customers by July 1, 2001 and then once a year after that. If you begin to do business with an institution after July 1, 2001, the notice must be given at the time the account is opened and then once a year.

This notice must also tell you how to exercise your right to "opt out" or say "no" to sharing your information. The institution may require you to return a form it sends you or it may give you a toll-free telephone number to call. However, the institution cannot require that you write your own letter as the only way to opt out of information sharing. If the institution does not provide an opportunity to "opt-out", then it cannot share your information except as specifically permitted by law in the ordinary course of business.

Finally, the notice must also tell you how the institution will protect the confidentiality and security of your information.

Can I still protect my personal financial information under an "opt out" standard and prohibit the sharing of that information?

Yes. If you exercise your right to "opt out," then an institution may not share your personal financial information, unless it is otherwise permitted under state or federal law. Some provisions of Maine law provide considerable civil money penalties for institutions that violate these confidentiality requirements. Banks, for example, could be fined up to $10,000 per violation.

If I choose to opt out, how long will it last?

If you choose to opt out, that choice is effective until you revoke it in writing.

What if I don't opt out when I first receive the privacy notice? Can I opt out later?

Yes. A consumer can opt out at any time, but it will only affect the future sharing of information and will not be retroactive.

What if I don't understand the privacy notices?

GLB requires that the notices be clear and conspicuous, and that they accurately explain the right to opt out. If an institution does not comply with the privacy requirements or does not provide clear disclosures, the State may investigate, bring an enforcement action, or assess fines. If you don't understand a privacy notice, you may contact the company that sent it to you or you may contact the agencies below for assistance.

What should I do if I threw away or lost my privacy notice?

You should contact the institution involved to request a new notice.

Are there any other steps that I can take to protect my privacy and limit the sharing of personal information?

Yes, existing state and federal laws give you the right to reduce or eliminate telemarketing calls, unsolicited e-mails and pre-screened credit offers.

To prevent pre-screened offers from all three major credit reporting agencies: Call 1-888-5-OPT-OUT (1-888-567-8688).
One major credit reporting agency (Experian) also permits you to opt out of receiving marketing and promotional information from its clients. Call 1-800-407-1088.
To avoid unwanted phone calls from many national marketers, send your name, address and phone number to Direct Marketing Association (DMA), Telephone Preference Service, PO Box 9014, Farmingdale, NY 11735-9014.
To remove your name from national direct mail lists, write Direct Marketing Association, Mail Preference Service, PO Box 9008, Farmingdale, NY 11735-9008.
To remove your e-mail address from many national direct e-mail lists, follow the instructions found at DMA's e-mail preference service website, www.e-mps.org.
Regarding driver's license information, the Maine Secretary of State's Office no longer shares such information with marketing or promotional companies. You only need to contact the Bureau of Motor Vehicles if you wish to "opt in," to permit the sharing of that information.

What if I have problems getting information from my financial services provider?

The following agencies within the Department of Professional and Financial Regulation are available to assist you:

For questions about banks and credit unions, contact the Bureau of Financial Institutions: 1-800-965-5235; Internet website: www.maine.gov/pfr/financialinstitutions/

For questions about insurance companies or insurance agents, contact the Bureau of Insurance: 1-800-300-5000; Internet website: www.maine.gov/pfr/insurance/

For questions about mortgage companies, finance companies, automobile dealers and other providers of consumer credit, contact the Bureau of Consumer Credit Protection: 1-800-332-8529; Internet website: www.maine.gov/pfr/consumercredit/

For questions about investment firms and securities issues, contact the Office of Securities: 1-877-624-8551; Internet website: www.maine.gov/pfr/securities/.


Prepared by the Department of Professional & Financial Regulation
July 5, 2001

Last Updated: June 16, 2014