[Code of Federal Regulations] [Title 12, Volume 5] [Revised as of January 1, 2003] From the U.S. Government Printing Office via GPO Access [CITE: 12CFR573.3] [Page 376-380] TITLE 12--BANKS AND BANKING CHAPTER V--OFFICE OF THRIFT SUPERVISION, DEPARTMENT OF THE TREASURY PART 573--PRIVACY OF CONSUMER FINANCIAL INFORMATION--Table of Contents Sec. 573.3 Definitions. As used in this part, unless the context requires otherwise: (a) Affiliate means any company that controls, is controlled by, or is under common control with another company. (b)(1) Clear and conspicuous means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice. (2) Examples--(i) Reasonably understandable. You make your notice reasonably understandable if you: (A) Present the information in the notice in clear, concise sentences, paragraphs, and sections; (B) Use short explanatory sentences or bullet lists whenever possible; (C) Use definite, concrete, everyday words and active voice whenever possible; (D) Avoid multiple negatives; (E) Avoid legal and highly technical business terminology whenever possible; and [[Page 377]] (F) Avoid explanations that are imprecise and readily subject to different interpretations. (ii) Designed to call attention. You design your notice to call attention to the nature and significance of the information in it if you: (A) Use a plain-language heading to call attention to the notice; (B) Use a typeface and type size that are easy to read; (C) Provide wide margins and ample line spacing; (D) Use boldface or italics for key words; and (E) In a form that combines your notice with other information, use distinctive type size, style, and graphic devices, such as shading or sidebars, when you combine your notice with other information. (iii) Notices on web sites. If you provide a notice on a web page, you design your notice to call attention to the nature and significance of the information in it if you use text or visual cues to encourage scrolling down the page if necessary to view the entire notice and ensure that other elements on the web site (such as text, graphics, hyperlinks, or sound) do not distract attention from the notice, and you either: (A) Place the notice on a screen that consumers frequently access, such as a page on which transactions are conducted; or (B) Place a link on a screen that consumers frequently access, such as a page on which transactions are conducted, that connects directly to the notice and is labeled appropriately to convey the importance, nature, and relevance of the notice. (c) Collect means to obtain information that you organize or can retrieve by the name of an individual or by identifying number, symbol, or other identifying particular assigned to the individual, irrespective of the source of the underlying information. (d) Company means any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization. (e)(1) Consumer means an individual who obtains or has obtained a financial product or service from you that is to be used primarily for personal, family, or household purposes, or that individual's legal representative. (2) Examples--(i) An individual who applies to you for credit for personal, family, or household purposes is a consumer of a financial service, regardless of whether the credit is extended. (ii) An individual who provides nonpublic personal information to you in order to obtain a determination about whether he or she may qualify for a loan to be used primarily for personal, family, or household purposes is a consumer of a financial service, regardless of whether the loan is extended. (iii) An individual who provides nonpublic personal information to you in connection with obtaining or seeking to obtain financial, investment, or economic advisory services is a consumer regardless of whether you establish a continuing advisory relationship. (iv) If you hold ownership or servicing rights to an individual's loan that is used primarily for personal, family, or household purposes, the individual is your consumer, even if you hold those rights in conjunction with one or more other institutions. (The individual is also a consumer with respect to the other financial institutions involved.) An individual who has a loan in which you have ownership or servicing rights is your consumer, even if you, or another institution with those rights, hire an agent to collect on the loan. (v) An individual who is a consumer of another financial institution is not your consumer solely because you act as agent for, or provide processing or other services to, that financial institution. (vi) An individual is not your consumer solely because he or she has designated you as trustee for a trust. (vii) An individual is not your consumer solely because he or she is a beneficiary of a trust for which you are a trustee. (viii) An individual is not your consumer solely because he or she is a participant or a beneficiary of an employee benefit plan that you sponsor or for which you act as a trustee or fiduciary. (f) Consumer reporting agency has the same meaning as in section 603(f) of the Fair Credit Reporting Act (15 U.S.C. 1681a(f)). [[Page 378]] (g) Control of a company means: (1) Ownership, control, or power to vote 25 percent or more of the outstanding shares of any class of voting security of the company, directly or indirectly, or acting through one or more other persons; (2) Control in any manner over the election of a majority of the directors, trustees, or general partners (or individuals exercising similar functions) of the company; or (3) The power to exercise, directly or indirectly, a controlling influence over the management or policies of the company, as the OTS determines. (h) Customer means a consumer who has a customer relationship with you. (i)(1) Customer relationship means a continuing relationship between a consumer and you under which you provide one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. (2) Examples--(i) Continuing relationship. A consumer has a continuing relationship with you if the consumer: (A) Has a deposit or investment account with you; (B) Obtains a loan from you; (C) Has a loan for which you own the servicing rights; (D) Purchases an insurance product from you; (E) Holds an investment product through you, such as when you act as a custodian for securities or for assets in an Individual Retirement Arrangement; (F) Enters into an agreement or understanding with you whereby you undertake to arrange or broker a home mortgage loan for the consumer; (G) Enters into a lease of personal property with you; or (H) Obtains financial, investment, or economic advisory services from you for a fee. (ii) No continuing relationship. A consumer does not, however, have a continuing relationship with you if: (A) The consumer obtains a financial product or service only in isolated transactions, such as using your ATM to withdraw cash from an account at another financial institution or purchasing a cashier's check or money order; (B) You sell the consumer's loan and do not retain the rights to service that loan; or (C) You sell the consumer airline tickets, travel insurance, or traveler's checks in isolated transactions. (j) Federal functional regulator means: (1) The Board of Governors of the Federal Reserve System; (2) The Office of the Comptroller of the Currency; (3) The Board of Directors of the Federal Deposit Insurance Corporation; (4) The Director of the Office of Thrift Supervision; (5) The National Credit Union Administration Board; and (6) The Securities and Exchange Commission. (k)(1) Financial institution means any institution the business of which is engaging in activities that are financial in nature or incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). (2) Financial institution does not include: (i) Any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.); (ii) The Federal Agricultural Mortgage Corporation or any entity chartered and operating under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.); or (iii) Institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights), or similar transactions related to a transaction of a consumer, as long as such institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party. (l)(1) Financial product or service means any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). (2) Financial service includes your evaluation or brokerage of information [[Page 379]] that you collect in connection with a request or an application from a consumer for a financial product or service. (m)(1) Nonaffiliated third party means any person except: (i) Your affiliate; or (ii) A person employed jointly by you and any company that is not your affiliate (but nonaffiliated third party includes the other company that jointly employs the person). (2) Nonaffiliated third party includes any company that is an affiliate solely by virtue of your or your affiliate's direct or indirect ownership or control of the company in conducting merchant banking or investment banking activities of the type described in section 4(k)(4)(H) or insurance company investment activities of the type described in section 4(k)(4)(I) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)(4)(H) and (I)). (n)(1) Nonpublic personal information means: (i) Personally identifiable financial information; and (ii) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available. (2) Nonpublic personal information does not include: (i) Publicly available information, except as included on a list described in paragraph (n)(1)(ii) of this section; or (ii) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information that is not publicly available. (3) Examples of lists--(i) Nonpublic personal information includes any list of individuals' names and street addresses that is derived in whole or in part using personally identifiable financial information that is not publicly available, such as account numbers. (ii) Nonpublic personal information does not include any list of individuals' names and addresses that contains only publicly available information, is not derived in whole or in part using personally identifiable financial information that is not publicly available, and is not disclosed in a manner that indicates that any of the individuals on the list is a consumer of a financial institution. (o)(1) Personally identifiable financial information means any information: (i) A consumer provides to you to obtain a financial product or service from you; (ii) About a consumer resulting from any transaction involving a financial product or service between you and a consumer; or (iii) You otherwise obtain about a consumer in connection with providing a financial product or service to that consumer. (2) Examples--(i) Information included. Personally identifiable financial information includes: (A) Information a consumer provides to you on an application to obtain a loan, credit card, or other financial product or service; (B) Account balance information, payment history, overdraft history, and credit or debit card purchase information; (C) The fact that an individual is or has been one of your customers or has obtained a financial product or service from you; (D) Any information about your consumer if it is disclosed in a manner that indicates that the individual is or has been your consumer; (E) Any information that a consumer provides to you or that you or your agent otherwise obtain in connection with collecting on a loan or servicing a loan; (F) Any information you collect through an Internet ``cookie'' (an information collecting device from a web server); and (G) Information from a consumer report. (ii) Information not included. Personally identifiable financial information does not include: (A) A list of names and addresses of customers of an entity that is not a financial institution; and (B) Information that does not identify a consumer, such as aggregate information or blind data that does not [[Page 380]] contain personal identifiers such as account numbers, names, or addresses. (p)(1) Publicly available information means any information that you have a reasonable basis to believe is lawfully made available to the general public from: (i) Federal, State, or local government records; (ii) Widely distributed media; or (iii) Disclosures to the general public that are required to be made by Federal, State, or local law. (2) Reasonable basis. You have a reasonable basis to believe that information is lawfully made available to the general public if you have taken steps to determine: (i) That the information is of the type that is available to the general public; and (ii) Whether an individual can direct that the information not be made available to the general public and, if so, that your consumer has not done so. (3) Examples--(i) Government records. Publicly available information in government records includes information in government real estate records and security interest filings. (ii) Widely distributed media. Publicly available information from widely distributed media includes information from a telephone book, a television or radio program, a newspaper, or a web site that is available to the general public on an unrestricted basis. A web site is not restricted merely because an Internet service provider or a site operator requires a fee or a password, so long as access is available to the general public. (iii) Reasonable basis--(A) You have a reasonable basis to believe that mortgage information is lawfully made available to the general public if you have determined that the information is of the type included on the public record in the jurisdiction where the mortgage would be recorded. (B) You have a reasonable basis to believe that an individual's telephone number is lawfully made available to the general public if you have located the telephone number in the telephone book or the consumer has informed you that the telephone number is not unlisted.