[Code of Federal Regulations] [Title 17, Volume 3] [Revised as of April 1, 2004] From the U.S. Government Printing Office via GPO Access [CITE: 17CFR248.1] [Page 556] TITLE 17--COMMODITY AND SECURITIES EXCHANGES CHAPTER II--SECURITIES AND EXCHANGE COMMISSION (CONTINUED) PART 248_REGULATION S P: PRIVACY OF CONSUMER FINANCIAL INFORMATION--Table of Contents Sec. 248.1 Purpose and scope. Sec. 248.1 Purpose and scope. 248.2 Rule of construction. 248.3 Definitions. Subpart A_Privacy and Opt Out Notices 248.4 Initial privacy notice to consumers required. 248.5 Annual privacy notice to customers required. 248.6 Information to be included in privacy notices. 248.7 Form of opt out notice to consumers; opt out methods. 248.8 Revised privacy notices. 248.9 Delivering privacy and opt out notices. Subpart B_Limits on Disclosures 248.10 Limits on disclosure of nonpublic personal information to nonaffiliated third parties. 248.11 Limits on redisclosure and reuse of information. 248.12 Limits on sharing account number information for marketing purposes. Subpart C_Exceptions 248.13 Exception to opt out requirements for service providers and joint marketing. 248.14 Exceptions to notice and opt out requirements for processing and servicing transactions. 248.15 Other exceptions to notice and opt out requirements. Subpart D_Relation to Other Laws; Effective Date 248.16 Protection of Fair Credit Reporting Act. 248.17 Relation to State laws. 248.18 Effective date; transition rule. 248.19-248.29 [Reserved] 248.30 Procedures to safeguard customer records and information. Appendix A to Part 248--Sample Clauses Authority: 15 U.S.C. 6801-6809; 15 U.S.C. 78q, 78w, 80a-30(a), 80a- 37, 80b-4, and 80b-11. Source: 65 FR 40362, June 29, 2000, unless otherwise noted. (a) Purpose. This part governs the treatment of nonpublic personal information about consumers by the financial institutions listed in paragraph (b) of this section. This part: (1) Requires a financial institution to provide notice to customers about its privacy policies and practices; (2) Describes the conditions under which a financial institution may disclose nonpublic personal information about consumers to nonaffiliated third parties; and (3) Provides a method for consumers to prevent a financial institution from disclosing that information to most nonaffiliated third parties by ``opting out'' of that disclosure, subject to the exceptions in Sec. Sec. 248.13, 248.14, and 248.15. (b) Scope. This part applies only to nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes from the institutions listed below. This part does not apply to information about companies or about individuals who obtain financial products or services primarily for business, commercial, or agricultural purposes. This part applies to brokers, dealers, and investment companies, as well as to investment advisers that are registered with the Commission. It also applies to foreign (non-resident) brokers, dealers, investment companies and investment advisers that are registered with the Commission. These entities are referred to in this part as ``you.'' This part does not apply to foreign (non-resident) brokers, dealers, investment companies and investment advisers that are not registered with the Commission. Nothing in this part modifies, limits, or supersedes the standards governing individually identifiable health information promulgated by the Secretary of Health and Human Services under the authority of sections 262 and 264 of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-1320d-8).