[Code of Federal Regulations]
[Title 12 Volume 1]
[Revised as of January 1, 2004]
From the U.S. Government Printing Office via GPO Access
[CITE: 12CFR40.15]

[Page 372-373]
 
                       TITLE 12--BANKS AND BANKING
 
   CHAPTER I--COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY
 
PART 40--PRIVACY OF CONSUMER FINANCIAL INFORMATION--Table of Contents
 
                          Subpart C--Exceptions
 
Sec. 40.15  Other exceptions to notice and opt out requirements.

    (a) Exceptions to opt out requirements. The requirements for initial 
notice to consumers in Sec. 40.4(a)(2), the opt out in Sec. Sec. 40.7 
and 40.10, and service providers and joint marketing in Sec. 40.13 do 
not apply when a bank discloses nonpublic personal information:
    (1) With the consent or at the direction of the consumer, provided 
that the consumer has not revoked the consent or direction;
    (2)(i) To protect the confidentiality or security of a bank's 
records pertaining to the consumer, service, product, or transaction;
    (ii) To protect against or prevent actual or potential fraud, 
unauthorized transactions, claims, or other liability;
    (iii) For required institutional risk control or for resolving 
consumer disputes or inquiries;
    (iv) To persons holding a legal or beneficial interest relating to 
the consumer; or
    (v) To persons acting in a fiduciary or representative capacity on 
behalf of the consumer;
    (3) To provide information to insurance rate advisory organizations, 
guaranty funds or agencies, agencies that are rating a bank, persons 
that are assessing the bank's compliance with industry standards, and 
the bank's attorneys, accountants, and auditors;
    (4) To the extent specifically permitted or required under other 
provisions of law and in accordance with the Right to Financial Privacy 
Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies 
(including a federal functional regulator, the Secretary of the 
Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records 
and Reports on Monetary Instruments and Transactions) and 12 U.S.C. 
Chapter 21 (Financial Recordkeeping), a State insurance authority, with 
respect to any person domiciled in that insurance authority's State that 
is engaged in providing insurance, and the Federal Trade Commission), 
self-regulatory organizations, or for an investigation on a matter 
related to public safety;
    (5)(i) To a consumer reporting agency in accordance with the Fair 
Credit Reporting Act (15 U.S.C. 1681 et seq.); or
    (ii) From a consumer report reported by a consumer reporting agency;
    (6) In connection with a proposed or actual sale, merger, transfer, 
or exchange of all or a portion of a business or operating unit if the 
disclosure of nonpublic personal information concerns solely consumers 
of such business or unit; or

    (7)(i) To comply with Federal, State, or local laws, rules and other 
applicable legal requirements;
    (ii) To comply with a properly authorized civil, criminal, or 
regulatory investigation, or subpoena or summons by Federal, State, or 
local authorities; or
    (iii) To respond to judicial process or government regulatory 
authorities having jurisdiction over a bank for examination, compliance, 
or other purposes as authorized by law.
    (b) Examples of consent and revocation of consent. (1) A consumer 
may specifically consent to a bank's disclosure to a nonaffiliated 
insurance company of the fact that the consumer has applied to the bank 
for a mortgage so that the insurance company can offer homeowner's 
insurance to the consumer.
    (2) A consumer may revoke consent by subsequently exercising the 
right to opt out of future disclosures of nonpublic personal information 
as permitted under Sec. 40.7(f).