Privacy Protection for Customer Financial Information – M. Maureen Murphy, Legislative Attorney. July 14, 2014
“One of the functions transferred to the Consumer Financial Protection Bureau (CFPB) under P.L. 111-203, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), is authority to issue regulations and take enforcement actions under the two major federal statutes that specify conditions under which customer financial information may be shared by financial institutions: Title V of the Gramm-Leach-Bliley Act of 1999 (GLBA, P.L. 106-102) and the Fair Credit Reporting Act (FCRA). Possible topics for congressional oversight in the 113th Congress include (1) the transition of power from the financial institution prudential regulators and the Federal Trade Commission to the CFPB; (2) CFPB’s interaction with other federal regulators and coordination with state enforcement efforts; and (3) the CFPB’s success at issuing rules that adequately protect consumers without unreasonably increasing the regulatory burden on financial institutions. GLBA prohibits financial institutions from sharing nonpublic personally identifiable customer information with non-affiliated third parties without providing customers an opportunity to opt out and mandates various privacy policy notices. It requires financial institutions to safeguard the security and confidentiality of customer information. FCRA regulates the credit reporting industry by prescribing standards that address information collected by businesses that provide data used to determine eligibility of consumers for credit, insurance, or employment and limits purposes for which such information may be disseminated. One of its provisions, which became permanent with the enactment of P.L. 108-159, permits affiliated companies to share non-public personal information with one another provided the customer does not choose to opt out. The creation of CFPB alters the regulatory landscape for these laws. It has primary enforcement authority over non-depository institutions (subject to certain exceptions) and over depository institutions with more than $10 billion in assets. For depository institutions with assets of $10 billion or less, the CFPB’s rules apply but enforcement authority remains with the banking regulators, subject to certain prerogatives of the CFPB.”
Sorry, comments are closed for this post.