<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by jook:
Under the Gramm-Leach-Bliley Act what penalties may be imposed upon a bank when it knowingly gives out an account holder's financial information to third parties without the account holder's consent? Also, are there any other Federal laws which may apply in such a situation?
Then incident in question occured in Alabama.
<HR></BLOCKQUOTE>
Gramm-Leach-Bliley
PRIVACY
Requires clear disclosure by all financial institutions of their privacy policy regarding the sharing of non-public personal information with both affiliates and third parties.
Requires a notice to consumers and an opportunity to "opt-out" of sharing of non-public personal information with nonaffiliated third parties subject to certain limited exceptions.
Addresses a potential imbalance between the treatment of large financial services conglomerates and small banks by including an exception, subject to strict controls, for joint marketing arrangements between financial institutions.
Clarifies that the disclosure of a financial institution's privacy policy is required to take place at the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship.
Provides for a separate rather than joint rulemaking to carry out the purposes of the subtitle; the relevant agencies are directed, however, to consult and coordinate with one another for purposes of assuring to the maximum extent possible that the regulations that each prescribes are consistent and comparable with those prescribed by the other agencies.
Allows the functional regulators sufficient flexibility to prescribe necessary exceptions and clarifications to the prohibitions and requirements of section 502.
Clarifies that the remedies described in section 505 are the exclusive remedies for violations of the subtitle.
Clarifies that nothing in this title is intended to modify, limit, or supersede the operation of the Fair Credit Reporting Act.
Extends the time period for completion of a study on financial institutions' information-sharing practices from 6 to 18 months from date of enactment.
Requires that rules for the disclosure of institutions' privacy policies must be issued by regulators within 6 months of the date of enactment. The rules will become effective 6 months after they are required to be prescribed unless the regulators specify a later date.
Assigns authority for enforcing the subtitle's provisions to the Federal Trade Commission and the Federal banking agencies, the National Credit Union Administration, the Securities and Exchange Commission, according to their respective jurisdictions, and provides for enforcement of the subtitle by the States.
Control Panel Help
Control Panel Help
Click here to link to LLGM.com, LeBoeuf, Lamb, Greene & MacRae's authorized web site, to learn more about the Firm.
LIVING WITH THE GRAMM-LEACH-BLILEY ACT(1) BY CECELIA KEMPLER AND ROBERT WOODY(2) MARCH 15, 2000 EXECUTIVE SUMMARY Privacy protection for personal information acquired by financial institutions and others is, and will remain, for the foreseeable future a potent political issue. The Gramm-Leach-Bliley Act(3) ("GLB" or "Gramm-Leach") gave the financial services industry a long sought competitive boost. Certain consumer privacy protections accompanied GLB's competitive benefits. GLB privacy protections apply to financial institutions regardless of whether the institutions are financial holding companies ("FHCs") under Gramm-Leach(4). Federal regulators have issued draft regulations to implement the privacy provisions of Gramm-Leach(5). These regulations are to be effective on November 13, 2000. Until final regulations implementing GLB are adopted and possibly even after the adoption of federal regulations, broadly defined terms such as "financial institutions", "financial activities", nonpublic personal information", "personally identifiable financial information", "consumer" and "customer" will generate debate, disputes and confusion. Existing and future state laws on this subject will only complicate matters because terms such as consumer, customer, privileged or personal information may not be defined at all or definitions may differ from those in GLB. It is possible that state insurance regulators may not act to implement GLB by November 13, 2000, which could result in costly revisions to disclosure materials developed by financial institutions in response to federal regulations. Prior to enactment of GLB, relevant federal privacy laws limited disclosure restrictions to medical and motor vehicle information, Fair Credit Reporting Act ("FCRA") information, and privacy relating to the activities of government agencies. GLB, however, includes provisions intended to protect the privacy of personal nonpublic information shared by financial institutions with third parties. GLB CORE PRIVACY REQUIREMENTS, PROPOSED REGULATIONS AND STATE ISSUES GLB applies to "financial institutions", which GLB defines to encompass any entity that engages in activities that are "financial in nature" and virtually any other "financial" activity that federal regulators may designate. Insurers, agents, and brokers are expressly included in the definition of "financial" activity. The Federal Trade Commission (the "FTC"), for example, has proposed regulations that would include among "financial institutions" (engaging in "financial" activities) entities such as mortgage lenders, "pay day" lenders, finance companies, mortgage brokers, account services, check cashers, wire transferors, travel agencies operated in connection with financial services, debt collectors, credit counselors, financial advisors, tax preparation firms and many other businesses that never would have expected GLB to apply to them. Gramm-Leach core privacy provisions address financial institution disclosure policies regarding consumer information, consumer "opt-out rights," enforcement mechanisms, timing for implementation of regulations promulgated pursuant to GLB, and preservation of state jurisdiction. Each of these issues is discussed below. Exceptions to GLB's notice and opt-out requirement are discussed in Section 5 of this paper. Disclosure Policies. To appreciate the impact of GLB's disclosure requirements, it is important to focus on the distinctions between "consumer" and "customer" under GLB. A "consumer" is an "individual who obtains or has obtained a financial product or service from you that is to be used primarily for personal, family or household purposes, and that individual's legal representative." A "customer" is a consumer who has a "continuing relationship" with the financial institution. Financial institutions are not required under GLB to disclose privacy practices and policies to "consumers", if they have no intention of sharing information with nonaffiliated third parties. Therefore, unless an institution is confident that sharing of nonpublic personal information will not occur, disclosure might be most efficiently introduced in marketing and application materials, i.e., to the "consumer". GLB requires all financial institutions engaging in "financial" activities to disclose their privacy practices and policies to "customers" regarding use of nonpublic personal information, regardless of whether such institutions intend to share information with affiliates or third parties. This disclosure must be made at the time of establishing a customer relationship and then "not less than annually" during the continuation of the relationship. Disclosures pursuant to GLB must be "clear and conspicuous," may be made either in writing or in electronic form or other form authorized by regulation. The disclosure must set forth the institution's privacy policies and practices, and must include, among other things, specific information regarding categories of persons to whom information may be disclosed. Disclosure of privacy policies
