[Code of Federal Regulations]
[Title 12 Volume 1]
[Revised as of January 1, 2004]
From the U.S. Government Printing Office via GPO Access
[CITE: 12CFR40.3]

[Page 358-362]
 
                       TITLE 12--BANKS AND BANKING
 
   CHAPTER I--COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY
 
PART 40--PRIVACY OF CONSUMER FINANCIAL INFORMATION--Table of Contents
 
Sec. 40.3  Definitions.

    As used in this part, unless the context requires otherwise:
    (a) Affiliate means any company that controls, is controlled by, or 
is under common control with another company.
    (b)(1) Clear and conspicuous means that a notice is reasonably 
understandable and designed to call attention to the nature and 
significance of the information in the notice.
    (2) Examples. (i) Reasonably understandable. A bank makes its notice 
reasonably understandable if it:
    (A) Presents the information in the notice in clear, concise 
sentences, paragraphs, and sections;
    (B) Uses short explanatory sentences or bullet lists whenever 
possible;
    (C) Uses definite, concrete, everyday words and active voice 
whenever possible;
    (D) Avoids multiple negatives;
    (E) Avoids legal and highly technical business terminology whenever 
possible; and
    (F) Avoids explanations that are imprecise and readily subject to 
different interpretations.
    (ii) Designed to call attention. A bank designs its notice to call 
attention to the nature and significance of the information in it if the 
bank:
    (A) Uses a plain-language heading to call attention to the notice;
    (B) Uses a typeface and type size that are easy to read;
    (C) Provides wide margins and ample line spacing;
    (D) Uses boldface or italics for key words; and
    (E) In a form that combines the bank's notice with other 
information, uses distinctive type size, style, and graphic devices, 
such as shading or sidebars, when you combine your notice with other 
information.
    (iii) Notices on web sites. If a bank provides a notice on a web 
page, the bank designs its notice to call attention to the nature and 
significance of the information in it if the bank uses text or visual 
cues to encourage scrolling down the page if necessary to view the 
entire notice and ensure that other elements on the web site (such as 
text, graphics, hyperlinks, or sound) do not distract attention from the 
notice, and the bank either:
    (A) Places the notice on a screen that consumers frequently access, 
such as a page on which transactions are conducted; or
    (B) Places a link on a screen that consumers frequently access, such 
as a page on which transactions are conducted, that connects directly to 
the notice and is labeled appropriately to convey the importance, 
nature, and relevance of the notice.
    (c) Collect means to obtain information that the bank organizes or 
can retrieve by the name of an individual or by identifying number, 
symbol, or other identifying particular assigned to the individual, 
irrespective of the source of the underlying information.
    (d) Company means any corporation, limited liability company, 
business trust, general or limited partnership, association, or similar 
organization.
    (e)(1) Consumer means an individual who obtains or has obtained a 
financial product or service from a bank that is to be used primarily 
for personal, family, or household purposes, or that individual's legal 
representative.
    (2) Examples. (i) An individual who applies to a bank for credit for 
personal, family, or household purposes is a consumer of a financial 
service, regardless of whether the credit is extended.
    (ii) An individual who provides nonpublic personal information to a 
bank in order to obtain a determination about whether he or she may 
qualify for a loan to be used primarily for personal, family, or 
household purposes is a consumer of a financial service, regardless of 
whether the loan is extended.
    (iii) An individual who provides nonpublic personal information to a 
bank in connection with obtaining or seeking to obtain financial, 
investment, or economic advisory services is a consumer regardless of 
whether the bank establishes a continuing advisory relationship.
    (iv) If a bank holds ownership or servicing rights to an 
individual's loan that is used primarily for personal, family, or 
household purposes, the individual is the bank's consumer, even if the 
bank holds those rights in conjunction with one or more other 
institutions. (The individual is also a consumer with respect to the 
other financial institutions involved.) An individual who has a loan in 
which a bank has ownership or servicing rights is the bank's consumer, 
even if the bank, or another institution with those rights, hires an 
agent to collect on the loan.
    (v) An individual who is a consumer of another financial institution 
is not a bank's consumer solely because the bank acts as agent for, or 
provides processing or other services to, that financial institution.
    (vi) An individual is not a bank's consumer solely because he or she 
has designated the bank as trustee for a trust.
    (vii) An individual is not a bank's consumer solely because he or 
she is a beneficiary of a trust for which the bank is a trustee.
    (viii) An individual is not a bank's consumer solely because he or 
she is a participant or a beneficiary of an employee benefit plan that 
the bank sponsors or for which the bank acts as a trustee or fiduciary.
    (f) Consumer reporting agency has the same meaning as in section 
603(f) of the Fair Credit Reporting Act (15 U.S.C. 1681a(f)).
    (g) Control of a company means:
    (1) Ownership, control, or power to vote 25 percent or more of the 
outstanding shares of any class of voting security of the company, 
directly or indirectly, or acting through one or more other persons;
    (2) Control in any manner over the election of a majority of the 
directors, trustees, or general partners (or individuals exercising 
similar functions) of the company; or
    (3) The power to exercise, directly or indirectly, a controlling 
influence over the management or policies of the company, as the OCC 
determines.
    (h) Customer means a consumer who has a customer relationship with a 
bank.
    (i)(1) Customer relationship means a continuing relationship between 
a consumer and a bank under which the bank provides one or more 
financial products or services to the consumer that are to be used 
primarily for personal, family, or household purposes.
    (2) Examples. (i) Continuing relationship. A consumer has a 
continuing relationship with a bank if the consumer:
    (A) Has a deposit or investment account with the bank;
    (B) Obtains a loan from the bank;
    (C) Has a loan for which you own the servicing rights;
    (D) Purchases an insurance product from the bank;
    (E) Holds an investment product through the bank, such as when the 
bank acts as a custodian for securities or for assets in an Individual 
Retirement Arrangement;
    (F) Enters into an agreement or understanding with the bank whereby 
the bank undertakes to arrange or broker a home mortgage loan for the 
consumer;
    (G) Enters into a lease of personal property with the bank; or
    (H) Obtains financial, investment, or economic advisory services 
from the bank for a fee.
    (ii) No continuing relationship. A consumer does not, however, have 
a continuing relationship with a bank if:
    (A) The consumer obtains a financial product or service only in 
isolated transactions, such as using the bank's ATM to withdraw cash 
from an account at another financial institution or purchasing a 
cashier's check or money order;
    (B) The bank sells the consumer's loan and does not retain the 
rights to service that loan; or
    (C) The bank sells the consumer airline tickets, travel insurance, 
or traveler's checks in isolated transactions.
    (j) Federal functional regulator means:
    (1) The Board of Governors of the Federal Reserve System;
    (2) The Office of the Comptroller of the Currency;
    (3) The Board of Directors of the Federal Deposit Insurance 
Corporation;
    (4) The Director of the Office of Thrift Supervision;
    (5) The National Credit Union Administration Board; and
    (6) The Securities and Exchange Commission.
    (k)(1) Financial institution means any institution the business of 
which is engaging in activities that are financial in nature or 
incidental to such financial activities as described in section 4(k) of 
the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)).
    (2) Financial institution does not include:
    (i) Any person or entity with respect to any financial activity that 
is subject to the jurisdiction of the Commodity Futures Trading 
Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.);
    (ii) The Federal Agricultural Mortgage Corporation or any entity 
chartered and operating under the Farm Credit Act of 1971 (12 U.S.C. 
2001 et seq.); or
    (iii) Institutions chartered by Congress specifically to engage in 
securitizations, secondary market sales (including sales of servicing 
rights), or similar transactions related to a transaction of a consumer, 
as long as such institutions do not sell or transfer nonpublic personal 
information to a nonaffiliated third party.
    (l)(1) Financial product or service means any product or service 
that a financial holding company could offer by engaging in an activity 
that is financial in nature or incidental to such a financial activity 
under section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 
1843(k)).
    (2) Financial service includes a bank's evaluation or brokerage of 
information that the bank collects in connection with a request or an 
application from a consumer for a financial product or service.
    (m)(1) Nonaffiliated third party means any person except:
    (i) A bank's affiliate; or
    (ii) A person employed jointly by a bank and any company that is not 
the bank's affiliate (but nonaffiliated third party includes the other 
company that jointly employs the person).
    (2) Nonaffiliated third party includes any company that is an 
affiliate solely by virtue of a bank's (or its affiliate's) direct or 
indirect ownership or control of the company in conducting merchant 
banking or investment banking activities of the type described in 
section 4(k)(4)(H) or insurance company investment activities of the 
type described in section 4(k)(4)(I) of the Bank Holding Company Act of 
1956 (12 U.S.C. 1843(k)(4)(H) and (I)).
    (n)(1) Nonpublic personal information means:
    (i) Personally identifiable financial information; and
    (ii) Any list, description, or other grouping of consumers (and 
publicly available information pertaining to them) that is derived using 
any personally identifiable financial information that is not publicly 
available.
    (2) Nonpublic personal information does not include:
    (i) Publicly available information, except as included on a list 
described in paragraph (n)(1)(ii) of this section; or
    (ii) Any list, description, or other grouping of consumers (and 
publicly available information pertaining to them) that is derived 
without using any personally identifiable financial information that is 
not publicly available.
    (3) Examples of lists. (i) Nonpublic personal information includes 
any list of individuals' names and street addresses that is derived in 
whole or in part using personally identifiable financial information 
that is not publicly available, such as account numbers.
    (ii) Nonpublic personal information does not include any list of 
individuals' names and addresses that contains only publicly available 
information, is not derived in whole or in part using personally 
identifiable financial information that is not publicly available, and 
is not disclosed in a manner that indicates that any of the individuals 
on the list is a consumer of a financial institution.
    (o)(1) Personally identifiable financial information means any 
information:
    (i) A consumer provides to a bank to obtain a financial product or 
service from the bank;
    (ii) About a consumer resulting from any transaction involving a 
financial product or service between a bank and a consumer; or
    (iii) The bank otherwise obtains about a consumer in connection with 
providing a financial product or service to that consumer.
    (2) Examples. (i) Information included. Personally identifiable 
financial information includes:
    (A) Information a consumer provides to a bank on an application to 
obtain a loan, credit card, or other financial product or service;
    (B) Account balance information, payment history, overdraft history, 
and credit or debit card purchase information;
    (C) The fact that an individual is or has been one of the bank's 
customers or has obtained a financial product or service from the bank;
    (D) Any information about the bank's consumer if it is disclosed in 
a manner that indicates that the individual is or has been the bank's 
consumer;
    (E) Any information that a consumer provides to a bank or that the 
bank or its agent otherwise obtains in connection with collecting on a 
loan or servicing a loan;
    (F) Any information the bank collects through an Internet ``cookie'' 
(an information collecting device from a web server); and
    (G) Information from a consumer report.
    (ii) Information not included. Personally identifiable financial 
information does not include:
    (A) A list of names and addresses of customers of an entity that is 
not a financial institution; and
    (B) Information that does not identify a consumer, such as aggregate 
information or blind data that does not contain personal identifiers 
such as account numbers, names, or addresses.
    (p)(1) Publicly available information means any information that a 
bank has a reasonable basis to believe is lawfully made available to the 
general public from:
    (i) Federal, State, or local government records;
    (ii) Widely distributed media; or
    (iii) Disclosures to the general public that are required to be made 
by Federal, State, or local law.
    (2) Reasonable basis. A bank has a reasonable basis to believe that 
information is lawfully made available to the general public if the bank 
has taken steps to determine:
    (i) That the information is of the type that is available to the 
general public; and
    (ii) Whether an individual can direct that the information not be 
made available to the general public and, if so, that the bank's 
consumer has not done so.
    (3) Examples. (i) Government records. Publicly available information 
in government records includes information in government real estate 
records and security interest filings.
    (ii) Widely distributed media. Publicly available information from 
widely distributed media includes information from a telephone book, a 
television or radio program, a newspaper, or a web site that is 
available to the general public on an unrestricted basis. A web site is 
not restricted merely because an Internet service provider or a site 
operator requires a fee or a password, so long as access is available to 
the general public.
    (iii) Reasonable basis. (A) A bank has a reasonable basis to believe 
that mortgage information is lawfully made available to the general 
public if the bank has determined that the information is of the type 
included on the public record in the jurisdiction where the mortgage 
would be recorded.
    (B) A bank has a reasonable basis to believe that an individual's 
telephone number is lawfully made available to the general public if the 
bank has located the telephone number in the telephone book or the 
consumer has informed you that the telephone number is not unlisted.