Financial Privacy Laws Affecting Sharing of Customer Information Among Affiliated Institutions
Publication Date: February 2003
Publisher(s): Library of Congress. Congressional Research Service
The privacy provisions of the Gramm-Leach-Bliley Act of 1999 (P.L. 106-102) do not permit customers to preclude financial institutions from sharing nonpublic personal information with affiliated companies; they merely require companies to notify their customers of their practices of information sharing with affiliates. Until the Fair Credit Reporting Act (FCRA) was amended in 1996, sharing of such information with affiliates might have subjected a company to being regulated as a credit reporting agency. Under provisions added in 1996, 15 U.S.C. Sections 1681a(d)(2)(A)(ii) and (iii), which preempt inconsistent state law until January, 1, 2004, companies have been permitted to share among their corporate family a broad range of data they have collected on their customers provided they have given the customers the opportunity to preclude, i.e., opt out of, the information sharing. After January 1, 2004, states may act to override this FCRA provision. While information sharing among affiliates would, thus, not automatically become impermissible on January 1, 2004, the possibility of enactment of state overrides on a piecemeal and inconsistent basis raises concerns among large nationwide conglomerates.
This report provides an analysis of the current federal law and a brief description of state laws that appear to provide more consumer protection with respect to the issue of information sharing among affiliates. It will be updated to reflect action on major legislation. For an economic perspective on financial privacy, see CRS Report RL31758.