Privacy Notices





One way to protect your privacy is to learn how an organization will use your personal information before you give it out. Many companies you do business with are required to give you privacy notices that explain their information-sharing practices. In turn, you have the right to limit some – but not all – sharing of your information. The Gramm-Leach-Bliley Act (12 U.S.C. – 15 U.S.C.) balances your right to privacy with a company's need to provide information for normal business purposes.

Privacy notices explain what personal financial information a company collects; whether the company intends to share your personal financial information with other companies; what you can do to limit some of that sharing; and how the company protects your personal financial information. The bottom line is that it is important to read these privacy notices. They explain how a company handles and shares your personal financial information. Not all privacy notices are the same.

Companies involved in financial activities that must send their customers privacy notices include:

  • banks, savings and loans, and credit unions

  • insurance companies

  • securities and commodities brokerage firms

  • retailers that issue their own credit cards (like department stores or gas stations)

  • mortgage brokers; automobile dealerships that extend or arrange financing or leasing

  • check cashers and payday lenders

  • financial advisors and credit counseling services

  • companies that sell money orders or travelers checks

Financial companies share information for many reasons: to offer you more services, to introduce new products, and to profit from the information they have about you. If you want to know about other products and services, you may want your financial company to share your personal financial information; in this case, you do not need to respond to the privacy notice. If you prefer to limit the promotions you receive – or you do not want marketers and others to have your personal financial information – you must take some important steps.

Under the Gramm-Leach-Bliley Act (12 U.S.C. – 15 U.S.C.)

You have the right to opt out of some information sharing with companies that are not part of the same corporate group as your financial company (non-affiliates). If the information being shared comes from your credit report, you also have the right to opt out of such sharing with companies affiliated with your financial company. Financial companies can share certain types of information about you without giving you the right to opt out.

Opting out means

If you opt out, you limit the extent to which the company can provide your personal financial information. If you do not opt out within a "reasonable period of time" – generally, about 30 days after the company mails you the notice – then the company is free to share certain personal financial information. If you did not opt out the first time you received a privacy notice from a financial company, it is not too late. You can always change your mind and opt out of certain information sharing. Ask your financial company for instructions on how to opt out. But remember, any personal financial information that was shared before you opted out cannot be retrieved.

Your right to opt out

A privacy notice contains information about the company's data collection and information sharing policies. If a financial company does not plan to share your information except as allowed by law, the notice will say so. In this instance, you do not have a right to opt out.

If the company plans to share your information outside of the same corporate group (a non-affiliate), you have the right to opt out in most circumstances. The privacy notice will include instructions on how to opt out. Unless you opt out, your financial company can share your personal financial information with non-affiliates for marketing and other purposes. There are some types of information sharing that you cannot opt out of, however. You cannot opt out if the company is sharing your information in order to market its own products or services, or if the company is reporting your information to credit reporting companies.

If the company plans to share information from your credit report within the same corporate group (an affiliate), you have a right to opt out. Read your notices carefully to see if this type of opt out applies. Companies can, however, share information about you with affiliates when the information is based solely on your transactions with that company, including whether you pay your bills on time and the type of accounts you have with the company.

If you want to opt out of information sharing, you must follow the directions provided by the company.

In some cases, your financial company may give you the choice to opt out of different types of sharing. You could opt out of certain categories of information the company provides to other companies but allow the company to share other kinds of information.

Credit reporting companies also may sell information about you to lenders and insurers who use the information to decide whether to send you unsolicited offers of credit or insurance. This is known as prescreening. You can opt out of receiving prescreened offers by visiting https://www.optoutprescreen.com or calling 1-888-567-8688.

Types of privacy notices:

  • The Initial Privacy Notice. Usually, you will get a privacy notice when you become a customer of a financial company. If you open an account by phone, however, and you agree, the company may send you a notice later.

  • Annual Privacy Notices. Each financial company you have an ongoing relationship with – for example, the bank where you have a checking account, your credit card company, or a company that services your mortgage loan – must give you a notice of its privacy policy annually.

  • Notice of Changes in Privacy Policies. If a company changes its privacy policy, it will send you a revised privacy notice or tell you about the changes in the company's next annual notice.

A privacy notice may be included as an insert with your monthly statement or bill, or it may be sent to you separately. If you agree to electronic delivery from an on-line financial company, the notice may be sent to you via e-mail or made available to you on the company's website.

If you have more than one account with the same company, you may get one privacy notice for all your accounts, or separate notices for each account.

If you have a joint account, the financial company may send a notice to one of you or to each person listed on the account. If the company offers an opportunity to opt out, it must let one of the account holders opt out for all parties on the account. You may request separate notices, however.

Laws affecting your personal financial privacy

Two federal laws cover different aspects of how companies can share your financial information:

  • Fair Credit Reporting Act (FCRA) (15 U.S.C. § 1681)

    The FCRA protects the privacy of certain information distributed by consumer reporting companies, which gather and sell information about you, like where you live, how you pay your bills, whether you have been sued, arrested or have filed for bankruptcy. Under the law, consumer reporting companies can only release your information to third parties that have a permissible purpose to obtain it, like creditors, insurers, employers, and other businesses that use it to evaluate your applications for credit, insurance, employment or renting a home. When a financial company gets your credit report, it may want to share that information with an affiliate – a company that owns your financial company, that your financial company owns, or that is part of the same parent organization or corporate family. Under the FCRA, however, if the financial company plans to share certain information – for example, from your credit report or your credit application – with its affiliates, it will usually first notify you and give you an opportunity to opt out. This notice is likely to be included in the privacy notice you get from the financial company under the GLBA.


  • Gramm-Leach-Bliley Act (GLBA) (12 U.S.C. – 15 U.S.C.)

    Under the GLBA, financial companies must tell you about their policies regarding the privacy of your personal financial information. With some exceptions, the law limits the ability of financial companies to share your personal financial information with certain non-affiliates without first notifying you about the sharing and providing you with an opportunity to opt out. A non-affiliate is a company that is unrelated to your financial company.

    Under the GLBA, your financial company can provide your personal financial information to certain non-affiliated companies, including service providers and joint marketers – companies that have an agreement with your financial company to offer you other financial products or services – without providing you with an opportunity to opt out. But before it shares your information with other third-party non-affiliates, your financial company must tell you about its information sharing practices and give you the opportunity to opt out.