[Code of Federal Regulations]
[Title 17, Volume 1]
[Revised as of April 1, 2007]
From the U.S. Government Printing Office via GPO Access
[CITE: 17CFR160.30]
[Page 590-592]
TITLE 17--COMMODITY AND SECURITIES EXCHANGES
CHAPTER I--COMMODITY FUTURES TRADING COMMISSION
PART 160_PRIVACY OF CONSUMER FINANCIAL INFORMATION--Table of Contents
Subpart D_Relation to Other Laws; Effective Date
Sec. 160.30 Procedures to safeguard customer records and information.
Every futures commission merchant, commodity trading advisor,
commodity pool operator and introducing broker subject to the
jurisdiction of the Commission must adopt policies and procedures that
address administrative, technical and physical safeguards for the
protection of customer records and information. These policies and
procedures must be reasonably designed to:
(a) Insure the security and confidentiality of customer records and
information;
(b) Protect against any anticipated threats or hazards to the
security or integrity of customer records and information; and
(c) Protect against unauthorized access to or use of customer
records or information that could result in substantial harm or
inconvenience to any customer.
Appendix to Part 160--Sample Clauses
Financial institutions, including a group of financial holding
company affiliates that use a common privacy notice, may use the
following sample clauses, if the clause is accurate for each institution
that uses the notice. Note that disclosure of certain information, such
as assets, income and information from a consumer reporting agency, may
give rise to obligations under the Fair Credit Reporting Act, such as a
requirement to permit a consumer to opt out of disclosures to affiliates
or designation as a consumer reporting agency if disclosures are made to
nonaffiliated third parties.
[[Page 591]]
A-1--Categories of Information You Collect (All Institutions)
You may use this clause, as applicable, to meet the requirement of
Sec. 160.6(a)(1) to describe the categories of nonpublic personal
information you collect.
Sample Clause A-1
We collect nonpublic personal information about you from the
following sources:
Information we receive from you on applications
or other forms;
Information about your transactions with us, our
affiliates or others; and
Information we receive from a consumer reporting
agency.
A-2--Categories of Information You Disclose (Institutions That Disclose
Outside of the Exceptions)
You may use one of these clauses, as applicable, to meet the
requirement of Sec. 160.6(a)(2) to describe the categories of nonpublic
personal information you disclose. You may use these clauses if you
disclose nonpublic personal information other than as permitted by the
exceptions in Sec. Sec. 160.13, 160.14 and 160.15.
Sample Clause A-2, Alternative 1
We may disclose the following kinds of nonpublic personal
information about you:
Information we receive from you on applications
or other forms, such as [provide illustrative examples, such as ``your
name, address, social security number, assets and income''];
Information about your transactions with us, our
affiliates or others, such as [provide illustrative examples, such as
``your account balance, payment history, parties to transactions and
credit card usage'']; and
Information we receive from a consumer reporting
agency, such as [provide illustrative examples, such as ``your
creditworthiness and credit history''].
Sample Clause A-2, Alternative 2
We may disclose all of the information that we collect, as described
[describe location in the notice, such as ``above'' or ``below''].
A-3--Categories of Information You Disclose and Parties to Whom You
Disclose (Institutions That Do Not Disclose Outside of the Exceptions)
You may use this clause, as applicable, to meet the requirements of
Sec. Sec. 160.6(a)(2), (3) and (4) to describe the categories of
nonpublic personal information about customers and former customers that
you disclose and the categories of affiliates and nonaffiliated third
parties to whom you disclose. You may use this clause if you do not
disclose nonpublic personal information to any party, other than as is
permitted by the exceptions in Sec. Sec. 160.14 and 160.15.
Sample Clause A-3
We do not disclose any nonpublic personal information about our
customers or former customers to anyone, except as permitted by law.
A-4--Categories of Parties to Whom You Disclose (Institutions That
Disclose Outside of the Exceptions)
You may use this clause, as applicable, to meet the requirement of
Sec. 160.6(a)(3) to describe the categories of affiliates and
nonaffiliated third parties to whom you disclose nonpublic personal
information. You may use this clause if you disclose nonpublic personal
information other than as permitted by the exceptions in Sec. Sec.
160.13, 160.14 and 160.15, as well as when permitted by the exceptions
in Sec. Sec. 160.14 and 160.15.
Sample Clause A-4
We may disclose nonpublic personal information about you to the
following types of third parties:
Financial service providers, such as [provide
illustrative examples, such as ``mortgage bankers''];
Non-financial companies, such as [provide
illustrative examples, such as ``retailers, direct marketers, airlines
and publishers'']; and
Others, such as [provide illustrative examples,
such as ``non-profit organizations''].
We may also disclose nonpublic personal information about you to
nonaffiliated third parties as permitted by law.
A-5--Service Provider/Joint Marketing Exception
You may use one of these clauses, as applicable, to meet the
requirements of Sec. 160.6(a)(5) related to the exception for service
providers and joint marketers in Sec. 160.13. If you disclose nonpublic
personal information under this exception, you must describe the
categories of nonpublic personal information you disclose and the
categories of third parties with whom you have contracted.
Sample Clause A-5, Alternative 1
We may disclose the following information to companies that perform
marketing services on our behalf or to other financial institutions with
which we have joint marketing agreements:
Information we receive from you on applications
or other forms, such as [provide illustrative examples, such as ``your
name, address, social security number, assets and income''];
Information about your transactions with us, our
affiliates, or others, such as
[[Page 592]]
[provide illustrative examples, such as ``your account balance, payment
history, parties to transactions and credit card usage'']; and
Information we receive from a consumer reporting
agency, such as [provide illustrative examples, such as ``your
creditworthiness and credit history''].
Sample Clause A-5, Alternative 2
We may disclose all of the information we collect, as described
[describe location in the notice, such as ``above'' or ``below''] to
companies that perform marketing services on our behalf or to other
financial institutions with which we have joint marketing agreements.
A-6--Explanation of Opt Out Right (Institutions That Disclose Outside of
the Exceptions)
You may use this clause, as applicable, to meet the requirement of
Sec. 160.6(a)(6) to provide an explanation of the consumer's right to
opt out of the disclosure of nonpublic personal information to
nonaffiliated third parties, including the method(s) by which the
consumer may exercise that right. You may use this clause if you
disclose nonpublic personal information other than as permitted by the
exceptions in Sec. Sec. 160.13, 160.14 and 160.15.
Sample Clause A-6
If you prefer that we not disclose nonpublic personal information
about you to nonaffiliated third parties you may opt out of those
disclosures; that is, you may direct us not to make those disclosures
(other than disclosures permitted or required by law). If you wish to
opt out of disclosures to nonaffiliated third parties, you may [describe
a reasonable means of opting out, such as ``call the following toll-free
number: (insert number)''].
A-7--Confidentiality and Security (All Institutions)
You may use this clause, as applicable, to meet the requirement of
Sec. 160.6(a)(8) to describe your policies and practices with respect
to protecting the confidentiality and security of nonpublic personal
information.
Sample Clause A-7
We restrict access to nonpublic personal information about you to
[provide an appropriate description, such as ``those employees who need
to know that information to provide products or services to you'']. We
maintain physical, electronic and procedural safeguards that comply with
federal standards to safeguard your nonpublic personal information.