427:
specifically says "Do Not Sell My
Personal Information" must also be provided to employees under the employers' website to help facilitate any opt-out requests. Under the act, employees can request the disclosure of certain categories of information. If employers plan to collect information concerning their employees, then they must notify their employees of what information was collected, why it was collected, and under what conditions would the information be used. If the employers were to gather additional data, then another notification must be sent out to employees with the same aforementioned details. Employees have the ability to request that the employers erase their information. However, employers also have the right to deny the request if maintaining the information is necessary to meet certain obligations. Employees must also be notified if their employers are selling their information under the California Civic Code's definition of "business purposes."
116:
written approval which allows the government access for a maximum of three months. At any given time, the consumer can void the approval. If the government is given access via approval, the financial institution holding the information must document which government agencies are given access. In the event that financial records are requested using an administrative summons, a judicial subpoena, or a formal written request, the government must notify the customer of what specific records are being requested, why they are being requested, and the procedures used to access the records. Financial institutions must verify that all laws, regulations, and procedures were followed before any financial records that were requested can be handed over to federal agencies.
661:
that the FTC would help enforce. The FTC believed that simply backing companies' policies would help legitimize the policies and give the policies credibility and importance in the eyes of consumers. However, as privacy became an increasingly prevalent problem, the FTC evolved into the de facto authority over consumer privacy. Although it was never explicitly stated that the FTC would have power over consumer privacy regulations, Congress allowed the FTC more and more responsibilities beginning in the late 1990s. Settlements that the agency made would also become considered as de facto common law. Eventually the FTC, in general, gained the power to create privacy regulations and implement protections against fraudulent activities.
328:
consumer when pursuing payment. Under the FDCPA, collectors are not allowed to publish a consumer's name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumers' partner or attorney. If the collector is attempting to inquire about the whereabouts of the consumer, then they can disclose debt information to only neighbors and coworkers. Collectors are also not allowed disclose fraudulent information to credit reporting agencies in an attempt to collect the debt.
454:
example, financial institutions that are regulated under the act only include institutions that are "significantly engaged in financial activities." The act also provides an opt-in rule instead of opt-out which allows consumers more control over the situations in which financial institutions can handle information without consent. Financial information is also required to stay within one financial entity which means other institutions are not allowed access based on affiliation.
652:
institutions that hold consumer deposits with $ 10 million or less in assets, the CFPB only has rule making authority, as authority over enforcement remains with other financial regulators. As part of its enforcement powers, the CFPB can initiate investigations, issue subpoenas, hold hearings, and hand out fines of over a million dollars for violations. The bureau also has the ability to enforce and make rules regarding any existing federal financial privacy laws.
180:
unauthorized access of information, unauthorized use of information, and threats to the safety of the information. Information systems that processes, stores, transmits, and destroys information must be used in the security program. The rule also states that institutions must dedicate employees to the development, implementation, and maintenance of the security program. There must be people trained to identity and respond to any security threats or data breaches.
475:
consumer's file. Any information requested by the consumer must be made available by a person, by mail, or by phone with a trained person who is able provide a comprehensive explanation of the information. Credit reports can be disclosed to third parties without notifying the consumer if the information is related to the party requesting the information, if it is to complete a court order, or if the party requesting it has legitimate use for the information.
271:. The amendments ensured that any state laws with stricter regulations than those outlined in the FCRA would be enforced first. State laws regarding credit scores, credit reports, and insurance that were to remain in effect as a result of the amendments were outlined within the act. Under the act, consumers received more rights to explanations of their credit scores and the right to a free credit report each year.
2122:
79:
the event that the government successfully gains access to a customer's information, the government is not allowed to transfer the information between government agencies without clarifying that the information in question is being used in the name of law enforcement. The customer must be notified immediately if conditions are met and their information is going to be transferred between agencies.
497:
in which consumers must consent to sharing their information in order to use their credit cards for a transaction. However, consumer information can be requested in order to complete a credit card transactions as long as the information is never recorded. The act also set a redundant state level requirement that companies must shorten a consumer's credit and debit card information on receipts.
280:
shredding of documents. Digital information can be disposed of by simply erasing electronic files. Information can also be destroyed by hiring contractors. Due diligence must be performed on documents to identify consumer information before they can be submitted to contractors for disposal. Any disposal of information must be done so in way that the documents cannot be reconstructed and read.
120:
institution decides to share a customer's financial information this way, then the institution is only allowed to disclose information that identifies the suspect. The institution will also not be held liable for disclosing the information. The amendments also states that a court can compel a financial institution to notify a customer that their information has been subpoenaed.
189:
policies required by the act are also unhelpful, as many of the policies written by financial institutions are intentionally complex to prevent customer comprehension. There is also a lack of rules that punish financial institutions for any noncompliance. Criticism has also been targeted at the opt-out rule in the act. Former president of the
145:. The repeal of Glass-Steagall allowed mergers between different types of financial institutions to occur, which enabled increased efficiency in the dissemination of financial information. To promote consumer privacy, the Gramm-Leach-Bliley Act included regulations to limit the ways in which companies handled and shared financial data.
387:
consumers the ability to opt-out of any disclosure of information through a webpage link that clearly and specifically says "Do Not Sell My
Personal Information." In the event that a consumer does opt out, the company cannot approach the consumer with the option to opt in again until a year has passed since the consumer opted out.
665:
reports under oath. The agency also has the power to issue fines for violations. The FTC only uses its full enforcement powers if any violations they discover are considered major. For most minor violations, the FTC will likely help companies identity and fix any problems contributing to noncompliance.
496:
The Song-Beverly Credit Card Act of
California was passed in 1971 to protect consumer information in credit card transactions. Under the act, companies may not collect personally identifiable information from consumers who purchase goods or services using credit cards. Companies cannot set conditions
461:
Despite providing more stringent rules, the act also includes exceptions. Those who entered into contracts before the act was passed may still have their information shared if they do not manually opt out. Institutions that share the same regulator are allowed to exchange consumer information without
444:
Companies that are not physically located within
California and conduct all of their business outside of the state may be exempt from the act. However, if such companies enter California or begin engaging in transactions with California residents online, then they would be expected to comply with the
390:
Under the act, companies must notify consumers of their new rights regarding data access, disposal, and portability. The company must also provide a way for consumers to exercise their new rights and a way to verify any consumer requests to exercise their rights. Privacy policies must also be updated
340:
was passed by congress in 1978 to regulate the then growing use of electronic transfer of funds. The act implemented requirements so that banks have to notify their customers of any policies regarding electronic transfer of funds. A model statement is even included in the act in order to regulate the
82:
The Right to
Financial Privacy Act included many exceptions to expedite federal investigations. Federal agencies can access any financial records if the records in question are connected to a law enforcement investigation. The act also gives any government department or agency the ability to request
500:
There are exceptions to the act as companies are still able to collect information from consumer who pay using debit card of cash. Under the act, companies can still collect consumer data if a credit card is being used to collect money in situations similar to damages and defaults. In the event of a
483:
California passed its own Right to
Financial Privacy Act two years before the federal government passed an act of the same name in 1976. The act regulated the state's government agencies' abilities to access nonpublic consumer information. As a result of the act, California's government agencies are
254:
The Fair Credit
Reporting Act faced criticism over the strength of its regulations as the act only limits the distribution of information instead of the collection of it. The act is also written with broad language which invites open interpretation that may lead to loopholes. Some criticism has also
245:
The FRCA includes multiple measures to promote compliance. The act states that unauthorized access to a file or receiving a report under false pretext will result in a criminal offense. Reporting agencies and those using the reports are held liable for any noncompliance as well. The consumer is also
162:
Despite the regulations put forth by GLBA, exceptions in the act allow financial institutions the ability to disclose financial information under certain conditions. If a financial product provided by a financial institution is owned by two or more parties, the institution is only required to notify
78:
deliver a legal notice to a customer or receive consent from a customer before they can legally access their financial information. Customers must also be informed that they have the ability to challenge the government when the government is actively trying to access their financial information. In
651:
The
Consumer Financial Protection Bureau is an independent regulatory agency within the United States Federal Reserve. The CFPB promotes fair practice by regulating consumer interactions with financial institutions. It has complete authority over institutions that do not hold consumer deposits. For
487:
As long as government agencies show proof of customer consent, a subpoena, or a search warrant, financial institutions are obligated to disclose the requested financial information. With proof, financial institutions do not have to verify that all laws were followed before handing over information.
474:
The CCCRA allows consumers to request a copy of their credit file with a thorough explanation of any codes used, credit score with related information, records of any third party requests made for the consumer's files, and the identifiable information of any party third party that has received the
382:
The act set requirements that regulates and attempts to limit the sale of personal information. However, companies can justify their sale of information through contracts with business partners. Those contracts would be taken into consideration when a company is reviewed for compliance to the act.
314:
clearance to consolidate bank records so that the information can effectively serve in legal proceedings. It also set a requirement for financial institutions to maintain consumer records, especially those with international transactions. Financial institutions are required to hold records for six
664:
The FTC deals with noncompliance through civil litigation, criminal litigation, and administrative enforcement actions. Enforcement actions begin with complaints or claims against a company. The FTC has power to conduct investigations and can issue subpoenas as well as compel companies to provide
660:
The
Federal Trade Commission is an independent regulatory agency responsible for protecting consumers and competition. In 1995, the FTC became involved with privacy regulation. At the beginning, the agency promoted self regulation as they encouraged companies to produce their own privacy policies
197:
argues that the opt-out option, provided by banks in their policies to customers, is ineffective due to a weak marketplace for financial information. Sharing financial information is not profitable enough to motivate financial institutions to pay for customer consent, so opt-out notifications are
115:
Any preexisting rules regarding search warrants are applied to the exceptions. When a search warrant for a customer's financial information is issued, the government has 90 days to inform the customer of the existence of the search warrant. A consumer can give permission to the government through
386:
If a company is unable to comply with provisions regarding the sale of information without disrupting their business, then they must receive consent through the opt-in option from minors under 16 years old or parental consent if the minor is under 13 years old. Companies must also give all other
470:
The
California Consumer Credit Reporting Agencies Act (CCCRA) was passed in 1975 as the state's version of the federal Fair Credit Reporting Act. The act regulates consumer credit reporting agencies as well as any users of credit reports. The act also provides a narrower definition of "consumer
327:
was passed in 1978 to give consumers rights and the ability to maintain accurate information when dealing with debt collection. Under the act, any consumer information regarding debt is protected. Requirements were set to outline the ways in which debt collectors are allowed to interact with a
453:
The California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. The California Privacy Act provides narrower definitions of some language found in the Gramm-Leach-Bliley Act. For
188:
The Gramm-Leach-Bliley Act has been the subject of much criticism as experts claim that the act provides weak protection due to its broad language. Without clear explanation and better defined language, the act is open to interpretation which will ultimately work against consumers. The privacy
179:
to set standards that financial institutions must follow when protecting financial information. The rule required that financial institutions create and implement a security program that is appropriate to the size of the institutions' operations. The program must keep information safe from any
73:
and to supplement the Bank Secrecy Act. The act was put in place to limit the government's ability to freely access nonpublic financial records. The RFPA defines financial institutions as any institution that engages in activities regarding banking, credit cards, and consumer finance. It also
620:
If a financial institution receives information from another, unaffiliated party, the institution is allowed to re-disclose the information if it is to parties affiliated to the unaffiliated party they received the information from, if it is to their own affiliated parties, of if they receive
119:
The RFPA was later amended to increase financial institutions' ability to help facilitate criminal investigations and prosecutions. Under the new amendments, financial institutions are allowed to disclose information to the government if they believe that a regulation has been violated. If an
341:
language in which policies would be presented to consumers. Banks are also held liable in the event that information is disclosed through telephone without consent. Also, banks would be held responsible for any damages that came as a result of unauthorized access to a consumer's information.
279:
The Disposal Rule set requirements under FACTA for how public and nonpublic entities have to destroy consumer reports in order to prevent unauthorized access to nonpublic consumer information. Under the act, disposal of physical information can be done through the burning, pulverization, and
237:
According to the FCRA, obsolete information may not be investigated and included on reports. Information found in reports can be contested in the event that a mistake is found. The credit agency must begin an investigation, and if a mistake is proven to exist, the information must be removed
16:
Financial privacy laws regulate the manner in which financial institutions handle the nonpublic financial information of consumers. In the United States, financial privacy is regulated through laws enacted at the federal and state level. Federal regulations are primarily represented by the
426:
The act also regulates any employer-employee relationships regarding personal information. Under the act, employers must provide a way for their employees to exercise their rights outlined in the act. Employees also have the ability to opt out of any sale of information. A clear link that
128:
Criticism has been directed at the written approval. The act never specifies if the customer is responsible for submitting the approval directly to the financial institution or if the government is responsible for only providing proof that a written approval has been submitted to them.
198:
rarely distributed. In situations where customers are notified, only an estimated 5% respond. The low response rate is evidence that consumers do not seem to care about their financial privacy. With unconcerned customers and a weak market, the opt-out option is rendered ineffective.
37:
also contribute to financial privacy in the United States. State regulations vary from state to state. While each state approaches financial privacy differently, they mostly draw from federal laws and provide more stringent outlines and definitions. Government agencies like the
238:
immediately. If a consumer if affected by the contents of their report, the user of the report must notify the consumer so that he or she can access their file and receive an explanation of the contents of their file from the agency. The FCRA also includes the
633:
Financial institutions can share their customers' financial information with unaffiliated third parties if the third parties are using the information to carry out services for the institution or if the third parities are acting on behalf of the
296:
The Credit and Debit Card Receipt Clarification act was passed in 2007 as an amendment to the FCRA. The act required that account numbers printed on receipts have to be shortened to five digits in order to protect consumer privacy.
524:
The first article in the regulation is used define what the regulation is in general. As stated in the article, the purpose of the regulation is regulate the handling of any private information connected to financial institutions.
457:
Punishment is also outlined in the act to deal with any institution that fails to comply. Violations to the act may result in a maximum penalty of $ 500,000. However, the fine can double in situations concerning identity theft.
1640:
605:
If a financial institution chooses to revise its privacy policy, it must still abide by the initial notice it sent to customers until customers are notified of the changes or if the customers gives consent since the
309:
was enacted in 1970 to deter people from hiding income in foreign financial institutions and to prevent financial institutions' common practice of photocopying items used in criminal investigations. The act gave the
501:
consumer return or refund, companies are allowed to collect information to protect against fraud. Gas stations are also allowed to only collect a consumer's zip code information to protect themselves from fraud.
1749:
624:
Unless the financial institution is disclosing information to a consumer reporting agency, the institution is not allowed to share account information to parties that would use the information for marketing
233:
A time limit is set for the retention of information on reports. Information that is seven years or older must be deleted while information regarding bankruptcies can be removed only after fourteen years
845:
Kirschner, Nancy M. (1979). "The Right to Financial Privacy Act of 1978 - The Congressional Response to United States v. Miller: A Procedural Right to Challenge Government Access to Financial Records".
350:
358:
39:
163:
one party. Financial institutions are also allowed to disclose information without ever notifying the customer if the information in question is used for an investigation regarding public safety.
1744:
155:
Financial institutions must specifically disclose to customers the conditions in which policy exceptions would allow financial information to be distributed to unaffiliated third parties
1794:
242:, which was added by the Fair and Accurate Credit Transactions Act. A Change of Address Rule is also set in place so that government financial agencies must verify change of addresses.
288:
The Red Flags Rule was a rule set under FACTA that requires financial institutions and creditors to develop and implement programs to identify and prevent any identity theft threats.
971:
1809:
1690:
255:
been directly aimed at the vagueness in defining "accuracy." In the context of the act, "accuracy" can be interpreted as a credit report that is either correct or incomplete.
2151:
2021:
1729:
1986:
1925:
1814:
594:
If any private financial information has been shared under the Fair Credit Reporting Act, federal implementing regulations, and the Vermont Fair Credit Reporting Act
637:
Financial institutions can disclose a customer information if it is in the interest of enforcing a transaction that the customer authorized or is in connection to
617:
Consumers have the ability to partially opt-in, which means that they can pick and choose what information they give consent to the financial institution to share
462:
notifying the customer. Customers also do not need to be notified that their information has been given out if the information is used for any legal proceedings.
1680:
430:
Companies that conduct business with California consumers must comply with the act if the company satisfies one of the three conditions stated under the act:
1759:
585:
The categories of information regarding former customers that the financial institution has shared, and to which parties the information has been shared with
1469:
2146:
264:
1769:
1685:
1675:
720:
311:
75:
484:
not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information.
2001:
1270:
1126:
158:
Financial institutions must give customers an "opt-out" option to allow customers the ability to prevent private information to be disclosed
1630:
680:
609:
Notifications must be delivered to customers in writing unless the customer has given consent to receiving the notifications electronically
1824:
1121:. 75 Rochester Ave., Suite 4, Portsmouth, NH 03801, United States of America: International Association of Privacy Professionals (IAPP).
1981:
1789:
1779:
1739:
1359:. 75 Rochester Ave., Suite 4, Portsmouth, NH 03801, United States of America: International Association of Privacy Professionals (IAPP).
947:
Benoit, Michael A.; Munro, Nicole (2001). "Recent federal privacy initiatives affecting the electronic delivery of financial services".
725:
103:
1721:
1695:
1655:
324:
64:
354:
1898:
1819:
1804:
1700:
1564:
745:
74:
defines financial records as any documentation of a consumer's relationship with a financial institution. The act required that the
1265:. 75 Rochester Ave., Suite 4, Portsmouth, NH 03801, United States of America: International Association of Privacy Professionals.
401:
The information is needed to identify and protect from fraudulent activity as well as prosecute those responsible for such attacks
1587:
190:
1774:
1705:
1670:
695:
172:
138:
26:
1996:
1976:
1930:
1893:
1799:
1754:
68:
60:
22:
893:
Hickerson, Kristina (2001). "CONSUMER PRIVACY PROTECTION: A CALL FOR REFORM IN AN ERA OF FINANCIAL SERVICES MODERNIZATION".
379:
The California Consumer Privacy Act was passed in 2018 to protect any and all California residents' nonpublic information.
1903:
1734:
1709:
715:
152:
Financial institutions must create privacy policies, if one was not already in place, and inform customers of their policy
1764:
1370:
1286:
1142:
518:
to protect privacy of financial information. Financial privacy is defined by the first four articles in the regulation.
337:
34:
1784:
1393:
Huber, Elizabeth A.; Lovoy, Elena A. (2004). "Update on State Consumer Financial Privacy Legislation and Regulation".
785:
Doheny Sr., Donald A.; Forrer, John Graydon (1992). "Electronic Access to Account Information and Financial Privacy".
567:
Financial institutions are required to inform customers of their privacy policy with an understandable notification.
1182:
Vanderwoude, Neil (2009). "The Fair Credit Reporting Act: Fair for Consumers, Fair for Credit Reporting Agencies".
440:
If the company generates greater than or equal to 50% of their revenue by selling California residents' information
582:
Categories which affiliated and nonaffiliated parties the financial institutions disclose information to fall into
2016:
1960:
1940:
1665:
1625:
705:
268:
214:
207:
30:
536:
176:
43:
33:. Provisions within other laws like the Credit and Debit Card Receipt Clarification Act of 2007 as well as the
210:
was passed in 1970 to regulate credit agencies and promote fair and secure handling of consumer information.
2011:
2006:
1878:
1660:
422:
The information is needed to meet the requirements in which the consumer initially provided the information
2052:
1650:
1645:
1592:
588:
Whether a financial institution has shared information with a nonaffiliated third party under an exception
809:
Green, Mary Catherine (1989). "The Bank Secrecy Act and the Common Law: In Search of Financial Privacy".
437:
If the company holds personal information of 50,000 or more California residents, households, and devices
2031:
1602:
1557:
1850:
1635:
710:
690:
874:
Jones, Sarah Elizabeth (1988). "Right to Financial Privacy: Emerging Standards of Bank Compliance".
2067:
1935:
1920:
1870:
1607:
700:
221:
Credit reports and investigative reports must be differentiated so that any irrelevant is not mixed
2107:
1364:
1280:
1136:
1068:
735:
730:
142:
1203:"H.R.4008 - 110th Congress (2007-2008): Credit and Debit Card Receipt Clarification Act of 2007"
1202:
2077:
1860:
1266:
1122:
573:
Privacy notifications must include the nine points of information outlined by the regulation:
194:
2125:
1991:
1950:
1888:
1840:
1597:
1550:
1060:
750:
675:
471:
credit report" as any information that falls within credit reports is protected by the act.
306:
18:
1855:
1845:
410:
The information is needed to stay compliant with the California Communications Privacy Act
394:
Companies can deny a consumer's request to erase personal information under 9 conditions:
1528:
Solove, Daniel J.; Hartzog, Woodrow (2014). "The FTC and the New Common Law of Privacy".
570:
Customers must be notified every 12 months of the financial institution's privacy policy.
514:
Regulation B-2018-01: Privacy of Consumer Financial and Health Information was passed in
246:
entitled to reparations as a result of any damages from any misuse of their information.
995:
Lacker, Jeffrey M. (2002). "The economics of financial privacy: To opt out or opt in?".
597:
The financial institution's policies regarding protecting consumer financial information
2092:
2072:
1945:
239:
99:
1470:"Regulation B-2018-01 Privacy of Consumer Financial and Health Information Regulation"
148:
Protection of information is generally elaborated through three set rules in the act:
2140:
2062:
2057:
1955:
1915:
1910:
1263:
California Privacy Law Practical Guide and Commentary U.S. Federal and California Law
230:
Agencies must give consumers access to their own files if they ever should request it
2102:
1883:
685:
600:
If any information has been shared using exceptions authorized under the regulation
535:
Licensed or registered individuals engaging in financial activities defined by the
541:
Mortgage brokers, mortgage loan originators, lenders, and sales finance companies
2097:
1617:
740:
591:
A outline of the methods in which a customer can exercise their right to opt-in
2082:
353:
was enacted in 2010 to bring about reforms to the financial system after the
227:
The subject of a report must be notified of any request for their information
2047:
413:
The information is needed to conduct statistical research of public interest
224:
Reports can only be made available to those with "legitimate business needs"
217:
attempts to limit the dissemination of information through five main rules:
1498:
416:
The information is needed to meet obligations with the consumer in question
510:
Regulation B-2018-01: Privacy of Consumer Financial and Health Information
1021:"The Fair Credit Reporting Act: Are Business Credit Reports Regulated?".
404:
The information is needed to identify and fix problems with functionality
1051:
Garon, Lenore Cooper (1972). "Protecting privacy in credit reporting ".
1573:
1072:
528:
The regulation defines financial institutions through nine conditions:
515:
1163:
McCorkell, Peter L. (2009). "Fair Credit Reporting Act Update-2008".
1064:
86:
The government can access financial records through six exceptions:
2087:
2026:
434:
If the company has annual gross revenues of $ 25 million or more
1546:
315:
years and are obligated to report any suspicious transactions.
579:
What information the financial institution chooses to share
1542:
351:
Dodd-Frank Wall Street Reform and Consumer Protection Act
345:
Dodd-Frank Wall Street Reform and Consumer Protection Act
919:
Cuaresma, Jolina (2002). "The Gramm-Leach-Bliley Act".
46:
provide enforcement for financial privacy regulations.
997:
Economic Quarterly - Federal Reserve Bank of Richmond
532:
Financial institutions defined by the Vermont statues
811:
Arizona Journal of International and Comparative Law
2040:
1969:
1869:
1833:
1720:
1616:
1580:
576:
What information the financial institution collects
419:
The information is needed to meet legal obligations
398:
The information is needed to complete a transaction
391:to reflect newly required information disclosures.
2022:International Association of Privacy Professionals
63:was passed in 1978 primarily as a response to the
466:California Consumer Credit Reporting Agencies Act
407:The information is needed to exercise free speech
265:Fair and Accurate Credit Transactions Act (FACTA)
1987:Computer Professionals for Social Responsibility
1357:California Privacy Law Supplement to 3rd Edition
292:Credit and Debit Card Receipt Clarification Act
1558:
61:Right to Financial Privacy Act of 1978 (RFPA)
8:
848:University of Michigan Journal of Law Reform
267:was passed by Congress in 2003 to amend the
1117:Swire, Peter; Kennedy-Mayo, DeBrae (2018).
647:Consumer Financial Protection Bureau (CFPB)
1565:
1551:
1543:
1477:Vermont Department of Financial Regulation
325:Fair Debt Collection Practices Act (FDCPA)
2152:Financial regulation in the United States
259:Fair and Accurate Credit Transactions Act
1350:
1348:
1346:
1344:
1342:
1340:
1338:
1336:
1334:
1332:
1330:
1328:
1326:
1324:
1322:
1320:
1318:
1316:
1256:
1254:
1252:
1250:
1248:
1246:
1244:
1242:
1112:
1110:
1108:
1106:
1104:
1102:
721:FTC regulation of behavioral advertising
1523:
1521:
1519:
1464:
1462:
1460:
1458:
1456:
1454:
1452:
1450:
1448:
1446:
1444:
1442:
1440:
1438:
1436:
1434:
1432:
1430:
1428:
1314:
1312:
1310:
1308:
1306:
1304:
1302:
1300:
1298:
1296:
1240:
1238:
1236:
1234:
1232:
1230:
1228:
1226:
1224:
1222:
1100:
1098:
1096:
1094:
1092:
1090:
1088:
1086:
1084:
1082:
762:
1426:
1424:
1422:
1420:
1418:
1416:
1414:
1412:
1410:
1408:
1388:
1386:
1384:
1382:
1380:
1362:
1278:
1158:
1156:
1154:
1152:
1134:
1046:
1044:
1042:
1040:
1038:
1036:
1016:
1014:
1012:
1010:
966:
964:
962:
840:
838:
836:
834:
832:
830:
828:
826:
824:
2002:Electronic Privacy Information Center
942:
940:
938:
936:
934:
914:
912:
910:
908:
869:
867:
865:
863:
861:
804:
802:
800:
780:
778:
776:
774:
772:
770:
768:
766:
93:Customer authorization giving consent
7:
972:"eCFR — Code of Federal Regulations"
681:Bank regulation in the United States
359:Consumer Financial Protection Bureau
83:access to a customer's information.
40:Consumer Financial Protection Bureau
1982:Center for Democracy and Technology
726:Identity theft in the United States
104:Federal Rules of Criminal Procedure
319:Fair Debt Collection Practices Act
141:was enacted in 1999 to repeal the
14:
746:Privacy laws of the United States
175:was implemented into GLBA by the
2147:Privacy law in the United States
2121:
2120:
1588:Right of access to personal data
559:Subsidiaries of any of the above
537:Bank Holding Company Act of 1956
269:Fair Credit Reporting Act (FCRA)
208:Fair Credit Reporting Act (FCRA)
191:Federal Reserve Bank of Richmond
921:Berkeley Technology Law Journal
696:Customer Identification Program
375:California Consumer Privacy Act
1997:Electronic Frontier Foundation
1977:American Civil Liberties Union
1931:Privacy-enhancing technologies
656:Federal Trade Commission (FTC)
556:Foreign financial institutions
479:Right to Financial Privacy Act
177:Federal Trade Commission (FTC)
55:Right to Financial Privacy Act
23:Right to Financial Privacy Act
1:
716:FTC fair information practice
338:Electronic Funds Transfer Act
332:Electronic Funds Transfer Act
139:Gramm-Leach-Bliley Act (GLBA)
35:Electronic Funds Transfer Act
621:permission from the consumer
492:Song-Beverly Credit Card Act
70:United States v. Miller 1976
1722:Data protection authorities
1201:Tim, Mahoney (2008-06-03).
1119:U.S. Private-Sector Privacy
544:Independent trust companies
2168:
1926:Social networking services
2116:
2017:Global Network Initiative
1961:Virtual assistant privacy
1941:Privacy-invasive software
1355:Determan, Lothar (2018).
1261:Determan, Lothar (2018).
895:Administrative Law Review
706:Electronic funds transfer
202:Fair Credit Reporting Act
31:Fair Credit Reporting Act
1503:Federal Trade Commission
1369:: CS1 maint: location (
1285:: CS1 maint: location (
1141:: CS1 maint: location (
44:Federal Trade Commission
2012:Future of Privacy Forum
2007:European Digital Rights
1184:Southwestern Law Review
547:Money service providers
2053:Cellphone surveillance
1970:Advocacy organizations
1593:Expectation of privacy
553:Loan service providers
449:California Privacy Act
312:United States Treasury
133:Gramm-Leach-Bliley Act
111:Formal written request
96:Administrative summons
27:Gramm-Leach-Bliley Act
2032:Privacy International
1603:Right to be forgotten
357:and to establish the
355:2008 financial crisis
711:Financial regulation
691:Credit rating agency
2068:Global surveillance
1936:Privacy engineering
1921:Personal identifier
1871:Information privacy
1608:Post-mortem privacy
1530:Columbia Law Review
1395:The Business Lawyer
1165:The Business Lawyer
1053:Stanford Law Review
949:The Business Lawyer
876:Banking Law Journal
787:Banking Law Journal
701:Consumer protection
642:Regulatory Agencies
90:Grand jury subpoena
2108:Personality rights
1029:: 1229–1251. 1972.
736:Know your customer
731:Information broker
284:The Red Flags Rule
143:Glass-Steagall Act
2134:
2133:
2078:Mass surveillance
1272:978-0-9983223-8-4
1128:978-0-9983223-6-0
275:The Disposal Rule
195:Jeffrey M. Lacker
108:Judicial subpoena
102:issued under the
2159:
2124:
2123:
1992:Data Privacy Lab
1951:Privacy software
1598:Right to privacy
1567:
1560:
1553:
1544:
1538:
1537:
1525:
1514:
1513:
1511:
1510:
1495:
1489:
1488:
1486:
1484:
1479:. March 15, 2018
1474:
1466:
1403:
1402:
1390:
1375:
1374:
1368:
1360:
1352:
1291:
1290:
1284:
1276:
1258:
1217:
1216:
1214:
1213:
1207:www.congress.gov
1198:
1192:
1191:
1179:
1173:
1172:
1160:
1147:
1146:
1140:
1132:
1114:
1077:
1076:
1048:
1031:
1030:
1023:Duke Law Journal
1018:
1005:
1004:
992:
986:
985:
983:
982:
968:
957:
956:
944:
929:
928:
916:
903:
902:
890:
884:
883:
871:
856:
855:
842:
819:
818:
806:
795:
794:
782:
751:Tenant screening
676:Background check
307:Bank Secrecy Act
301:Bank Secrecy Act
19:Bank Secrecy Act
2167:
2166:
2162:
2161:
2160:
2158:
2157:
2156:
2137:
2136:
2135:
2130:
2112:
2036:
1965:
1865:
1829:
1716:
1710:amended in 2020
1612:
1576:
1571:
1541:
1527:
1526:
1517:
1508:
1506:
1497:
1496:
1492:
1482:
1480:
1472:
1468:
1467:
1406:
1392:
1391:
1378:
1361:
1354:
1353:
1294:
1277:
1273:
1260:
1259:
1220:
1211:
1209:
1200:
1199:
1195:
1181:
1180:
1176:
1162:
1161:
1150:
1133:
1129:
1116:
1115:
1080:
1065:10.2307/1227952
1050:
1049:
1034:
1020:
1019:
1008:
994:
993:
989:
980:
978:
970:
969:
960:
946:
945:
932:
918:
917:
906:
892:
891:
887:
873:
872:
859:
844:
843:
822:
808:
807:
798:
784:
783:
764:
760:
755:
671:
658:
649:
644:
512:
507:
494:
481:
468:
451:
377:
372:
367:
347:
334:
321:
303:
294:
286:
277:
261:
252:
204:
186:
173:Safeguards Rule
169:
167:Safeguards Rule
135:
126:
76:U.S. government
57:
52:
12:
11:
5:
2165:
2163:
2155:
2154:
2149:
2139:
2138:
2132:
2131:
2129:
2128:
2117:
2114:
2113:
2111:
2110:
2105:
2100:
2095:
2093:Search warrant
2090:
2085:
2080:
2075:
2073:Identity theft
2070:
2065:
2060:
2055:
2050:
2044:
2042:
2038:
2037:
2035:
2034:
2029:
2024:
2019:
2014:
2009:
2004:
1999:
1994:
1989:
1984:
1979:
1973:
1971:
1967:
1966:
1964:
1963:
1958:
1953:
1948:
1946:Privacy policy
1943:
1938:
1933:
1928:
1923:
1918:
1913:
1908:
1907:
1906:
1901:
1896:
1886:
1881:
1875:
1873:
1867:
1866:
1864:
1863:
1858:
1853:
1848:
1843:
1837:
1835:
1831:
1830:
1828:
1827:
1825:United Kingdom
1822:
1817:
1812:
1807:
1802:
1797:
1792:
1787:
1782:
1777:
1772:
1767:
1762:
1757:
1752:
1747:
1742:
1740:European Union
1737:
1732:
1726:
1724:
1718:
1717:
1715:
1714:
1713:
1712:
1698:
1696:United Kingdom
1693:
1688:
1683:
1678:
1673:
1668:
1663:
1658:
1656:European Union
1653:
1648:
1643:
1638:
1633:
1628:
1622:
1620:
1614:
1613:
1611:
1610:
1605:
1600:
1595:
1590:
1584:
1582:
1578:
1577:
1572:
1570:
1569:
1562:
1555:
1547:
1540:
1539:
1515:
1490:
1404:
1376:
1292:
1271:
1218:
1193:
1174:
1148:
1127:
1078:
1032:
1006:
987:
958:
930:
904:
885:
857:
820:
796:
761:
759:
756:
754:
753:
748:
743:
738:
733:
728:
723:
718:
713:
708:
703:
698:
693:
688:
683:
678:
672:
670:
667:
657:
654:
648:
645:
643:
640:
639:
638:
635:
627:
626:
622:
618:
611:
610:
607:
603:
602:
601:
598:
595:
592:
589:
586:
583:
580:
577:
571:
568:
561:
560:
557:
554:
551:
550:Debt adjusters
548:
545:
542:
539:
533:
511:
508:
506:
503:
493:
490:
480:
477:
467:
464:
450:
447:
442:
441:
438:
435:
424:
423:
420:
417:
414:
411:
408:
405:
402:
399:
376:
373:
371:
368:
366:
363:
346:
343:
333:
330:
320:
317:
302:
299:
293:
290:
285:
282:
276:
273:
260:
257:
251:
248:
235:
234:
231:
228:
225:
222:
203:
200:
185:
182:
168:
165:
160:
159:
156:
153:
134:
131:
125:
122:
113:
112:
109:
106:
100:Search warrant
97:
94:
91:
56:
53:
51:
48:
13:
10:
9:
6:
4:
3:
2:
2164:
2153:
2150:
2148:
2145:
2144:
2142:
2127:
2119:
2118:
2115:
2109:
2106:
2104:
2101:
2099:
2096:
2094:
2091:
2089:
2086:
2084:
2081:
2079:
2076:
2074:
2071:
2069:
2066:
2064:
2063:Eavesdropping
2061:
2059:
2058:Data security
2056:
2054:
2051:
2049:
2046:
2045:
2043:
2039:
2033:
2030:
2028:
2025:
2023:
2020:
2018:
2015:
2013:
2010:
2008:
2005:
2003:
2000:
1998:
1995:
1993:
1990:
1988:
1985:
1983:
1980:
1978:
1975:
1974:
1972:
1968:
1962:
1959:
1957:
1956:Secret ballot
1954:
1952:
1949:
1947:
1944:
1942:
1939:
1937:
1934:
1932:
1929:
1927:
1924:
1922:
1919:
1917:
1916:Personal data
1914:
1912:
1909:
1905:
1902:
1900:
1897:
1895:
1892:
1891:
1890:
1887:
1885:
1882:
1880:
1877:
1876:
1874:
1872:
1868:
1862:
1859:
1857:
1854:
1852:
1849:
1847:
1844:
1842:
1839:
1838:
1836:
1832:
1826:
1823:
1821:
1818:
1816:
1813:
1811:
1808:
1806:
1803:
1801:
1798:
1796:
1793:
1791:
1788:
1786:
1783:
1781:
1778:
1776:
1773:
1771:
1768:
1766:
1763:
1761:
1758:
1756:
1753:
1751:
1748:
1746:
1743:
1741:
1738:
1736:
1733:
1731:
1728:
1727:
1725:
1723:
1719:
1711:
1707:
1704:
1703:
1702:
1701:United States
1699:
1697:
1694:
1692:
1689:
1687:
1684:
1682:
1679:
1677:
1674:
1672:
1669:
1667:
1664:
1662:
1659:
1657:
1654:
1652:
1649:
1647:
1644:
1642:
1639:
1637:
1634:
1632:
1629:
1627:
1624:
1623:
1621:
1619:
1615:
1609:
1606:
1604:
1601:
1599:
1596:
1594:
1591:
1589:
1586:
1585:
1583:
1579:
1575:
1568:
1563:
1561:
1556:
1554:
1549:
1548:
1545:
1535:
1531:
1524:
1522:
1520:
1516:
1504:
1500:
1494:
1491:
1478:
1471:
1465:
1463:
1461:
1459:
1457:
1455:
1453:
1451:
1449:
1447:
1445:
1443:
1441:
1439:
1437:
1435:
1433:
1431:
1429:
1427:
1425:
1423:
1421:
1419:
1417:
1415:
1413:
1411:
1409:
1405:
1400:
1396:
1389:
1387:
1385:
1383:
1381:
1377:
1372:
1366:
1358:
1351:
1349:
1347:
1345:
1343:
1341:
1339:
1337:
1335:
1333:
1331:
1329:
1327:
1325:
1323:
1321:
1319:
1317:
1315:
1313:
1311:
1309:
1307:
1305:
1303:
1301:
1299:
1297:
1293:
1288:
1282:
1274:
1268:
1264:
1257:
1255:
1253:
1251:
1249:
1247:
1245:
1243:
1241:
1239:
1237:
1235:
1233:
1231:
1229:
1227:
1225:
1223:
1219:
1208:
1204:
1197:
1194:
1189:
1185:
1178:
1175:
1170:
1166:
1159:
1157:
1155:
1153:
1149:
1144:
1138:
1130:
1124:
1120:
1113:
1111:
1109:
1107:
1105:
1103:
1101:
1099:
1097:
1095:
1093:
1091:
1089:
1087:
1085:
1083:
1079:
1074:
1070:
1066:
1062:
1058:
1054:
1047:
1045:
1043:
1041:
1039:
1037:
1033:
1028:
1024:
1017:
1015:
1013:
1011:
1007:
1002:
998:
991:
988:
977:
973:
967:
965:
963:
959:
954:
950:
943:
941:
939:
937:
935:
931:
926:
922:
915:
913:
911:
909:
905:
900:
896:
889:
886:
881:
877:
870:
868:
866:
864:
862:
858:
853:
849:
841:
839:
837:
835:
833:
831:
829:
827:
825:
821:
816:
812:
805:
803:
801:
797:
792:
788:
781:
779:
777:
775:
773:
771:
769:
767:
763:
757:
752:
749:
747:
744:
742:
739:
737:
734:
732:
729:
727:
724:
722:
719:
717:
714:
712:
709:
707:
704:
702:
699:
697:
694:
692:
689:
687:
684:
682:
679:
677:
674:
673:
668:
666:
662:
655:
653:
646:
641:
636:
632:
631:
630:
623:
619:
616:
615:
614:
608:
604:
599:
596:
593:
590:
587:
584:
581:
578:
575:
574:
572:
569:
566:
565:
564:
558:
555:
552:
549:
546:
543:
540:
538:
534:
531:
530:
529:
526:
522:
519:
517:
509:
504:
502:
498:
491:
489:
485:
478:
476:
472:
465:
463:
459:
455:
448:
446:
439:
436:
433:
432:
431:
428:
421:
418:
415:
412:
409:
406:
403:
400:
397:
396:
395:
392:
388:
384:
380:
374:
369:
364:
362:
360:
356:
352:
344:
342:
339:
331:
329:
326:
318:
316:
313:
308:
300:
298:
291:
289:
283:
281:
274:
272:
270:
266:
258:
256:
249:
247:
243:
241:
240:Red Flag Rule
232:
229:
226:
223:
220:
219:
218:
216:
211:
209:
201:
199:
196:
192:
183:
181:
178:
174:
166:
164:
157:
154:
151:
150:
149:
146:
144:
140:
132:
130:
123:
121:
117:
110:
107:
105:
101:
98:
95:
92:
89:
88:
87:
84:
80:
77:
72:
71:
66:
65:Supreme Court
62:
54:
49:
47:
45:
41:
36:
32:
28:
24:
20:
2103:Human rights
1618:Privacy laws
1533:
1529:
1507:. Retrieved
1505:. 2013-06-07
1502:
1499:"What We Do"
1493:
1481:. Retrieved
1476:
1401:: 1227–1240.
1398:
1394:
1356:
1262:
1210:. Retrieved
1206:
1196:
1187:
1183:
1177:
1168:
1164:
1118:
1056:
1052:
1026:
1022:
1000:
996:
990:
979:. Retrieved
976:www.ecfr.gov
975:
955:: 1143–1156.
952:
948:
924:
920:
898:
894:
888:
879:
875:
851:
847:
814:
810:
790:
786:
686:Bank secrecy
663:
659:
650:
628:
613:Article III
612:
562:
527:
523:
520:
513:
499:
495:
486:
482:
473:
469:
460:
456:
452:
443:
429:
425:
393:
389:
385:
381:
378:
348:
335:
322:
304:
295:
287:
278:
262:
253:
244:
236:
212:
205:
187:
170:
161:
147:
136:
127:
118:
114:
85:
81:
69:
58:
50:Federal laws
15:
2098:Wiretapping
1810:Switzerland
1795:South Korea
1785:Philippines
1775:Netherlands
1770:Isle of Man
1691:Switzerland
1671:New Zealand
1483:October 31,
1059:: 550–567.
741:Privacy law
634:institution
629:Article IV
563:Article II
2141:Categories
2083:Panopticon
1706:California
1581:Principles
1536:: 583–676.
1509:2018-11-08
1212:2018-11-08
1190:: 395–412.
1171:: 579–792.
981:2018-11-01
927:: 497–517.
901:: 781–801.
817:: 261–286.
793:: 436–455.
758:References
521:Article I
370:California
365:State laws
250:Criticisms
184:Criticisms
124:Criticisms
67:ruling on
29:, and the
2048:Anonymity
1884:Financial
1861:Workplace
1851:Education
1760:Indonesia
1730:Australia
1686:Sri Lanka
1681:Singapore
1626:Australia
1365:cite book
1281:cite book
1137:cite book
2126:Category
2041:See also
1894:Facebook
1889:Internet
1841:Consumer
1815:Thailand
882:: 37–51.
854:: 10–52.
669:See also
625:purposes
42:and the
1904:Twitter
1856:Medical
1846:Digital
1765:Ireland
1750:Germany
1735:Denmark
1661:Germany
1651:England
1646:Denmark
1574:Privacy
1073:1227952
1003:: 1–16.
606:changes
516:Vermont
505:Vermont
1899:Google
1820:Turkey
1805:Sweden
1790:Poland
1780:Norway
1745:France
1676:Russia
1636:Canada
1631:Brazil
1269:
1125:
1071:
25:, the
2088:PRISM
1911:Email
1834:Areas
1800:Spain
1755:India
1666:Ghana
1641:China
1473:(PDF)
1069:JSTOR
445:act.
2027:NOYB
1485:2018
1371:link
1287:link
1267:ISBN
1143:link
1123:ISBN
349:The
336:The
323:The
305:The
263:The
215:FCRA
213:The
206:The
171:The
137:The
59:The
1879:Law
1534:114
1061:doi
880:105
791:109
2143::
1708:,
1532:.
1518:^
1501:.
1475:.
1407:^
1399:59
1397:.
1379:^
1367:}}
1363:{{
1295:^
1283:}}
1279:{{
1221:^
1205:.
1188:39
1186:.
1169:64
1167:.
1151:^
1139:}}
1135:{{
1081:^
1067:.
1057:24
1055:.
1035:^
1025:.
1009:^
1001:88
999:.
974:.
961:^
953:56
951:.
933:^
925:17
923:.
907:^
899:53
897:.
878:.
860:^
852:13
850:.
823:^
813:.
799:^
789:.
765:^
361:.
193:,
21:,
1566:e
1559:t
1552:v
1512:.
1487:.
1373:)
1289:)
1275:.
1215:.
1145:)
1131:.
1075:.
1063::
1027:6
984:.
815:7
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.