This Manual summarizes the principal laws and regulations governing the privacy of consumer financial information from the perspective of a financial institution.
Part One presents an introduction to the topic and explains how the Manual is organized.
Part Two includes a detailed discussion of the privacy rules under the Gramm-Leach-Bliley Act (GLBA) and CFPB Regulation P, including the required contents and timing of the GLBA initial and annual privacy notices, the exceptions that permit information sharing, the restrictions on sharing nonpublic personal information with nonaffiliated third parties, the requirements regarding consumers’ right to opt out under GLBA, and a financial institution’s liability for GLBA violations.
Part Three explains the privacy and information-sharing aspects of the federal Fair Credit Reporting Act (FCRA), including the FCRA opt-outs (the sharing opt-out and the marketing opt-out) that some institutions must provide, the restrictions regarding the use and sharing of medical information, and the rules that apply to sharing consumer information with affiliates for marketing purposes.
Part Four of this Manual provides a brief overview of the relevant state and federal laws – specifically the California Right to Financial Privacy Act and the federal Right to Financial Privacy Act – that govern the disclosure of financial records to governmental agencies. For a complete discussion of the laws governing disclosures made by financial institutions as a result of requests by state or federal government authorities or private parties involved in litigation, refer to Part Two of BCG Standard Procedures Manual #4, Legal Processes.
Part Four also discusses the California constitutional right to privacy and several California privacy laws, such as the California Financial Information Privacy Act (CFIPA, also known as SB1). Part Four explains the CFIPA’s requirements, including what information may be shared with nonaffiliated third parties, what information may be shared with affiliates, and the interaction between the various GLBA, FCRA, and CFIPA opt-in and opt-out rights. Part Four also examines the requirements of the Online Privacy Protection Act of 2003 and the Making Online Banking Initiation Legal and Easy (MOBILE) Act, which permits financial institutions to record personal information from a scanned image of a driver’s license or state identification card.
Part Five provides a comprehensive discussion of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), which gives consumers, among other things, the right to know and correct the information a business collects about them, the right to require a business to delete their information, and the right to opt out of a business sharing their information. This part also discusses the establishment of the relatively new California Privacy Protection Agency (CPPA).
Part Six of this Manual addresses the important topic of Information Security. This part includes a discussion of the interagency guidance regarding information security standards, the components of an incident response program, the federal and California breach notification requirements, and many other related topics.
Part Seven covers the October 22, 2024, final rule from the CFPB to carry out the personal financial data rights established by Section 1033 of the Consumer Financial Protection Act of 2010 (CFPA). Section 1033 provides that, subject to rules prescribed by the CFPB, a covered person (which includes financial institutions such as banks and credit unions) must make information in its control or possession concerning consumer financial products or services available to a consumer upon request.
The main text of the Manual is 346 pages, plus 39 pages of appendixes.
_____________________________________________________________________
Compliance Companion
Compliance Companion® is a one-stop regulatory compliance resource for financial institutions. This online compilation of 19 industry-leading compliance manuals, including this SPM #20, Financial Privacy & Information Security, takes the legalese out of federal and California laws and regulations, making it easier to understand and keep up with ongoing compliance developments.
Published by Aldrich & Bonnefin, PLC, Compliance Companion® has many useful features, including search capabilities, links to internal cross-references and web-based sources, as well as samples of dozens of forms, disclosures and notices.
This compliance resource can also be accessed from your mobile device, making it faster and easier to get the latest information on federal and California laws and regulations governing financial institutions.
For information regarding online subscriptions to Compliance Companion®, contact info@bankerscompliancegroup.com or call 949-553-0909.