17 C.F.R. Subpart D—Relation to Other Laws; Effective Date


Title 17 - Commodity and Securities Exchanges


Title 17: Commodity and Securities Exchanges
PART 248—REGULATION S-P: PRIVACY OF CONSUMER FINANCIAL INFORMATION

Browse Previous

Subpart D—Relation to Other Laws; Effective Date

§ 248.16   Protection of Fair Credit Reporting Act.

Nothing in this part shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), and no inference shall be drawn on the basis of the provisions of this part regarding whether information is transaction or experience information under section 603 of that Act.

§ 248.17   Relation to State laws.

(a) In general. This part shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such State statute, regulation, order, or interpretation is inconsistent with the provisions of this part, and then only to the extent of the inconsistency.

(b) Greater protection under State law. For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this part if the protection such statute, regulation, order, or interpretation affords any consumer is greater than the protection provided under this part, as determined by the Federal Trade Commission, after consultation with the Commission, on the Federal Trade Commission's own motion, or upon the petition of any interested party.

§ 248.18   Effective date; transition rule.

(a) Effective date. This part is effective November 13, 2000. In order to provide sufficient time for you to establish policies and systems to comply with the requirements of this part, the compliance date for this part is July 1, 2001.

(b)(1) Notice requirement for consumers who are your customers on the compliance date. By July 1, 2001, you must have provided an initial notice, as required by §248.4, to consumers who are your customers on July 1, 2001.

(2) Example. You provide an initial notice to consumers who are your customers on July 1, 2001, if, by that date, you have established a system for providing an initial notice to all new customers and have mailed the initial notice to all your existing customers.

(c) Two-year grandfathering of service agreements. Until July 1, 2002, a contract that you have entered into with a nonaffiliated third party to perform services for you or functions on your behalf satisfies the provisions of §248.13(a)(2), even if the contract does not include a requirement that the third party maintain the confidentiality of nonpublic personal information, as long as you entered into the agreement on or before July 1, 2000.

§§ 248.19-248.29   [Reserved]

§ 248.30   Procedures to safeguard customer records and information; disposal of consumer report information.

(a) Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to:

(1) Insure the security and confidentiality of customer records and information;

(2) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(3) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

(b) Disposal of consumer report information and records—(1) Definitions (i) Consumer report has the same meaning as in section 603(d) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)).

(ii) Consumer report information means any record about an individual, whether in paper, electronic or other form, that is a consumer report or is derived from a consumer report. Consumer report information also means a compilation of such records. Consumer report information does not include information that does not identify individuals, such as aggregate information or blind data.

(iii) Disposal means:

(A) The discarding or abandonment of consumer report information; or

(B) The sale, donation, or transfer of any medium, including computer equipment, on which consumer report information is stored.

(iv) Notice-registered broker-dealers means a broker or dealer registered by notice with the Commission under section 15(b)(11) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)).

(v) Transfer agent has the same meaning as in section 3(a)(25) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(25)).

(2) Proper disposal requirements—(i) Standard. Every broker and dealer other than notice-registered broker-dealers, every investment company, and every investment adviser and transfer agent registered with the Commission, that maintains or otherwise possesses consumer report information for a business purpose must properly dispose of the information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.

(ii) Relation to other laws. Nothing in this section shall be construed:

(A) To require any broker, dealer, or investment company, or any investment adviser or transfer agent registered with the Commission to maintain or destroy any record pertaining to an individual that is not imposed under other law; or

(B) To alter or affect any requirement imposed under any other provision of law to maintain or destroy any of those records.

[65 FR 40362, June 29, 2000, as amended at 69 FR 71329, Dec. 8, 2004]

Appendix A to Part 248—Sample Clauses

Financial institutions, including a group of financial holding company affiliates that use a common privacy notice, may use the following sample clauses, if the clause is accurate for each institution that uses the notice. (Note that disclosure of certain information, such as assets, income, and information from a consumer reporting agency, may give rise to obligations under the Fair Credit Reporting Act, such as a requirement to permit a consumer to opt out of disclosures to affiliates or designation as a consumer reporting agency if disclosures are made to nonaffiliated third parties.)

A–1—Categories of Information You Collect (All Institutions)

You may use this clause, as applicable, to meet the requirement of §248.6(a)(1) to describe the categories of nonpublic personal information you collect.

Sample Clause A–1:

We collect nonpublic personal information about you from the following sources:

• Information we receive from you on applications or other forms;

• Information about your transactions with us, our affiliates, or others; and

• Information we receive from a consumer reporting agency.

A–2—Categories of Information You Disclose (Institutions That Disclose Outside of the Exceptions)

You may use one of these clauses, as applicable, to meet the requirement of §248.6(a)(2) to describe the categories of nonpublic personal information you disclose. You may use these clauses if you disclose nonpublic personal information other than as permitted by the exceptions in §§248.13, 248.14, and 248.15.

Sample Clause A–2, Alternative 1:

We may disclose the following kinds of nonpublic personal information about you:

• Information we receive from you on applications or other forms, such as [provide illustrative examples, such as “your name, address, social security number, assets, and income”];

• Information about your transactions with us, our affiliates, or others, such as [provide illustrative examples, such as “your account balance, payment history, parties to transactions, and credit card usage”]; and

• Information we receive from a consumer reporting agency, such as [provide illustrative examples, such as “your creditworthiness and credit history”].

Sample Clause A–2, Alternative 2:

We may disclose all of the information that we collect, as described [describe location in the notice, such as “above” or “below”].

A–3—Categories of Information You Disclose and Parties to Whom You Disclose (Institutions That Do Not Disclose Outside of the Exceptions)

You may use this clause, as applicable, to meet the requirements of §§248.6(a)(2), (3), and (4) to describe the categories of nonpublic personal information about customers and former customers that you disclose and the categories of affiliates and nonaffiliated third parties to whom you disclose. You may use this clause if you do not disclose nonpublic personal information to any party, other than as permitted by the exceptions in §§248.14 and 248.15.

Sample Clause A–3:

We do not disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted by law.

A–4—Categories of Parties to Whom You Disclose (Institutions That Disclose Outside of the Exceptions)

You may use this clause, as applicable, to meet the requirement of §248.6(a)(3) to describe the categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal information. You may use this clause if you disclose nonpublic personal information other than as permitted by the exceptions in §§248.13, 248.14, and 248.15, as well as when permitted by the exceptions in §§248.14 and 248.15.

Sample Clause A–4:

We may disclose nonpublic personal information about you to the following types of third parties:

• Financial service providers, such as [provide illustrative examples, such as “mortgage bankers, securities broker-dealers, and insurance agents”];

• Non-financial companies, such as [provide illustrative examples, such as “retailers, direct marketers, airlines, and publishers”]; and

• Others, such as [provide illustrative examples, such as “non-profit organizations”].

We may also disclose nonpublic personal information about you to nonaffiliated third parties as permitted by law.

A–5—Service Provider/Joint Marketing Exception

You may use one of these clauses, as applicable, to meet the requirements of §248.6(a)(5) related to the exception for service providers and joint marketers in §248.13. If you disclose nonpublic personal information under this exception, you must describe the categories of nonpublic personal information you disclose and the categories of third parties with whom you have contracted.

Sample Clause A–5, Alternative 1:

We may disclose the following information to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements:

• Information we receive from you on applications or other forms, such as [provide illustrative examples, such as “your name, address, social security number, assets, and income”];

• Information about your transactions with us, our affiliates, or others, such as [provide illustrative examples, such as “your account balance, payment history, parties to transactions, and credit card usage”]; and

• Information we receive from a consumer reporting agency, such as [provide illustrative examples, such as “your creditworthiness and credit history”].

Sample Clause A–5, Alternative 2:

We may disclose all of the information we collect, as described [describe location in the notice, such as “above” or “below”] to companies that perform marketing services on our behalf or to other financial institutions with whom we have joint marketing agreements.

A–6—Explanation of Opt Out Right (Institutions That Disclose Outside of the Exceptions)

You may use this clause, as applicable, to meet the requirement of §248.6(a)(6) to provide an explanation of the consumer's right to opt out of the disclosure of nonpublic personal information to nonaffiliated third parties, including the method(s) by which the consumer may exercise that right. You may use this clause if you disclose nonpublic personal information other than as permitted by the exceptions in §§248.13, 248.14, and 248.15.

Sample Clause A–6:

If you prefer that we not disclose nonpublic personal information about you to nonaffiliated third parties, you may opt out of those disclosures, that is, you may direct us not to make those disclosures (other than disclosures permitted by law). If you wish to opt out of disclosures to nonaffiliated third parties, you may [describe a reasonable means of opting out, such as “call the following toll-free number: (insert number)”].

A–7—Confidentiality and Security (All Institutions)

You may use this clause, as applicable, to meet the requirement of §248.6(a)(8) to describe your policies and practices with respect to protecting the confidentiality and security of nonpublic personal information.

Sample Clause A–7:

We restrict access to nonpublic personal information about you to [provide an appropriate description, such as “those employees who need to know that information to provide products or services to you”]. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Browse Previous





















chanrobles.com


ChanRobles Legal Resources:

ChanRobles On-Line Bar Review

ChanRobles Internet Bar Review : www.chanroblesbar.com

ChanRobles MCLE On-line

ChanRobles Lawnet Inc. - ChanRobles MCLE On-line : www.chanroblesmcleonline.com