§ 6803. Disclosure of institution privacy policy
(a) Disclosure required
At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, of such financial institution’s policies and practices with respect to—
(1) disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 6802 of this title, including the categories of information that may be disclosed;
(2) disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution; and
(3) protecting the nonpublic personal information of consumers.
(b) Regulations
(c) Information to be included
The disclosure required by subsection (a) shall include—
(1) the policies and practices of the institution with respect to disclosing nonpublic personal information to nonaffiliated third parties, other than agents of the institution, consistent with section 6802 of this title, and including—
(A) the categories of persons to whom the information is or may be disclosed, other than the persons to whom the information may be provided pursuant to section 6802(e) of this title; and
(B) the policies and practices of the institution with respect to disclosing of nonpublic personal information of persons who have ceased to be customers of the financial institution;
(2) the categories of nonpublic personal information that are collected by the financial institution;
(3) the policies that the institution maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 6801 of this title; and
(4) the disclosures required, if any, under section 1681a(d)(2)(A)(iii) of this title.
(d) Exemption for certified public accountants
(1) In general
The disclosure requirements of subsection (a) do not apply to any person, to the extent that the person is—
(A) a certified public accountant;
(B) certified or licensed for such purpose by a State; and
(C) subject to any provision of law, rule, or regulation issued by a legislative or regulatory body of the State, including rules of professional conduct or ethics, that prohibits disclosure of nonpublic personal information without the knowing and expressed consent of the consumer.
(2) Limitation
(3) Definitions
(e) Model forms
(1) In general
(2) Format
A model form developed under paragraph (1) shall—
(A) be comprehensible to consumers, with a clear format and design;
(B) provide for clear and conspicuous disclosures;
(C) enable consumers easily to identify the sharing practices of a financial institution and to compare privacy practices among financial institutions; and
(D) be succinct, and use an easily readable type font.
(3) Timing
(4) Safe harbor
(f) Exception to annual notice requirement
A financial institution that—
(1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 6802 of this title or regulations prescribed under section 6804(b) of this title, and
(2) has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section,
shall not be required to provide an annual disclosure under this section until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2).
(Pub. L. 106–102, title V, § 503, Nov. 12, 1999, 113 Stat. 1439; Pub. L. 109–351, title VI, § 609, title VII, § 728, Oct. 13, 2006, 120 Stat. 1983, 2003; Pub. L. 114–94, div. G, title LXXV, § 75001, Dec. 4, 2015, 129 Stat. 1787.)