[Code of Federal Regulations]
[Title 16, Volume 1]
[Revised as of January 1, 2005]
From the U.S. Government Printing Office via GPO Access
[CITE: 16CFR313.1]

[Page 388-389]
 
                     TITLE 16--COMMERCIAL PRACTICES
 
                   CHAPTER I--FEDERAL TRADE COMMISSION
 
PART 313--PRIVACY OF CONSUMER FINANCIAL INFORMATION--Table of Contents
 
Sec. 313.1  Purpose and scope.




Sec.
313.1 Purpose and scope.
313.2 Rule of construction.
313.3 Definitions.

                  Subpart A--Privacy and Opt Out Notices

313.4 Initial privacy notice to consumers required.
313.5 Annual privacy notice to customers required.
313.6 Information to be included in privacy notices.
313.7 Form of opt out notice to consumers; opt out methods.
313.8 Revised privacy notices.
313.9 Delivering privacy and opt out notices.

                     Subpart B--Limits on Disclosures

313.10 Limitation on disclosure of nonpublic personal information to 
          nonaffiliated third parties.
313.11 Limits on redisclosure and reuse of information.
313.12 Limits on sharing account number information for marketing 
          purposes.

                          Subpart C--Exceptions

313.13 Exception to opt out requirements for service providers and joint 
          marketing.
313.14 Exceptions to notice and opt out requirements for processing and 
          servicing transactions.
313.15 Other exceptions to notice and opt out requirements.

            Subpart D--Relation to Other Laws; Effective Date

313.16 Protection of Fair Credit Reporting Act.
313.17 Relation to State laws.
313.18 Effective date; transition rule.

Appendix A to Part 313--Sample Clauses

    Authority: 15 U.S.C. 6801 et seq.

    Source: 65 FR 33677, May 24, 2000, unless otherwise noted.


    (a) Purpose. This part governs the treatment of nonpublic personal 
information about consumers by the financial institutions listed in 
paragraph (b) of this section. This part:
    (1) Requires a financial institution in specified circumstances to 
provide notice to customers about its privacy policies and practices;
    (2) Describes the conditions under which a financial institution may 
disclose nonpublic personal information about consumers to nonaffiliated 
third parties; and
    (3) Provides a method for consumers to prevent a financial 
institution from disclosing that information to most nonaffiliated third 
parties by ``opting out'' of that disclosure, subject to the exceptions 
in Sec. Sec. 313.13, 313.14, and 313.15.
    (b) Scope. This part applies only to nonpublic personal information 
about individuals who obtain financial products or services primarily 
for personal, family or household purposes from the institutions listed 
below. This part does not apply to information about companies or about 
individuals who obtain financial products or services for 
business, commercial, or agricultural purposes. This part applies to 
those ``financial institutions'' and ``other persons'' over which the 
Federal Trade Commission (``Commission'') has enforcement authority 
pursuant to Section 505(a)(7) of the Gramm-Leach-Bliley Act. An entity 
is a ``financial institution'' if its business is engaging in a 
financial activity as described in Section 4(k) of the Bank Holding 
Company Act of 1956, 12 U.S.C. 1843(k), which incorporates by reference 
activities enumerated by the Federal Reserve Board in 12 CFR 211.5(d) 
and 12 CFR 225.28. The ``financial institutions'' subject to the 
Commission's enforcement authority are those that are not otherwise 
subject to the enforcement authority of another regulator under Section 
505 of the Gramm-Leach-Bliley Act. More specifically, those entities 
include, but are not limited to, mortgage lenders, ``pay day'' lenders, 
finance companies, mortgage brokers, account servicers, check cashers, 
wire transferors, travel agencies operated in connection with financial 
services, collection agencies, credit counselors and other financial 
advisors, tax preparation firms, non-federally insured credit unions, 
and investment advisors that are not required to register with the 
Securities and Exchange Commission. They are referred to in this part as 
``You.'' The ``other persons'' to whom this part applies are third 
parties that are not financial institutions, but that receive nonpublic 
personal information from financial institutions with whom they are not 
affiliated. Nothing in this part modifies, limits, or supersedes the 
standards governing individually identifiable health information 
promulgated by the Secretary of Health and Human Services under the 
authority of sections 262 and 264 of the Health Insurance Portability 
and Accountability Act of 1996, 42 U.S.C. 1320d-1320d-8. Any institution 
of higher education that complies with the Federal Educational Rights 
and Privacy Act (``FERPA''), 20 U.S.C. 1232g, and its implementing 
regulations, 34 CFR part 99, and that is also a financial institution 
subject to the requirements of this part, shall be deemed to be in 
compliance with this part if it is in compliance with FERPA.