Articles

23Oct

Financial Privacy: Best Practices for Survey, Opinion and Marketing Researchers

The Gramm-Leach-Bliley (GLB) Act is a federal law concerned, in part, with privacy and security of consumer financial information. The GLB Act restricts disclosure of consumers’ “nonpublic personal information” by “financial institutions”. Financial institutions are required to provide notices to their customers about their information-collection and information-sharing practices. Consumers may decide to “opt out” if they do not want their information shared with nonaffiliated third parties. The GLB Act provides specific exceptions under which a financial institution may share customer information with a third party and the consumer may not opt out. All financial institutions are required to provide consumers with a notice and opt-out opportunity before they may disclose information to nonaffiliated third parties (with certain caveats).

What is a “Financial Institution” Under GLB?

The term ''financial institution'' means, in general, any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution. Under the Rules promulgated by the FTC, an institution must be significantly engaged in financial activities to be considered a “financial institution.”

What is Nonpublic Personal Information under GLB?

Under GLB, nonpublic personal information includes nonpublic personally identifiable financial information, as well as any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information that is not publicly available. "Personally Identifiable Financial Information" is defined as any information a consumer provides to obtain a financial product or service, any information about a consumer resulting from any transaction involving a financial product or service, or any information otherwise obtained about a consumer in connection with providing a financial product or service.

How Can Researchers Acquire Customers’ Non-Public Personal Information Under GLB?

Under GLB, survey and opinion researchers can receive nonpublic personal information from financial institutions in two main scenarios:

  • Where the financial institutions’ consumers and customers have been provided with notice of such disclosure and they have not opted out of such disclosure.
  • Alternatively, through an exception in the law (6801(2)), financial institutions -- though still required to provide notice to their customers about their information sharing practices -- can disseminate their customers’ nonpublic personal information with third parties who provide services for the financial institution (i.e. survey research companies conducting research for the financial institution) and do so without the required opt out of the other provisions. Please note however, under the exception, the financial institution must enter into a contractual agreement with the third party (i.e. survey researchers), requiring the third party to maintain the confidentiality of the information.

The information provided in this document is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any given laws/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

New York Child Data Privacy and Protection Act - S. 9563

New York Child Data Privacy and Protection Act - S. 9563

The New York Child Data Privacy and Protection Act (S. 9563) is legislation modeled on a recent Cali...

Read More >
Will Lame Duck Congress Advance a Kids Privacy Bill?

Will Lame Duck Congress Advance a Kids Privacy Bill?

​​​​​​​Senate Commerce Committee Chair Maria Cantwell is pushing to pass a pair of bills aime...

Read More >
Fighting for You: November 2022 Legislative and Regulatory Update

Fighting for You: November 2022 Legislative and Regulatory Update

With American Thanksgiving now in the rearview mirror, let’s look back at the biggest challenges th...

Read More >
CPRA Regulations Nearly Complete as Insights Association Makes Final Recommendations

CPRA Regulations Nearly Complete as Insights Association Makes Final Recommendations

The leading trade association for the insights industry shared in its final thoughts with California...

Read More >
Congress Should Drive Federal Privacy Regulation, Not FTC, Urge Data-Driven Industry Groups

Congress Should Drive Federal Privacy Regulation, Not FTC, Urge Data-Driven Industry Groups

The Insights Association (IA) and a dozen other data-driven industry groups called upon Congress to ...

Read More >
California 2022 Privacy Legislation Round-up: Wins, Losses and New Laws

California 2022 Privacy Legislation Round-up: Wins, Losses and New Laws

​​​​​​​As usual, we’ve had some wins in California as legislators have tried to amend the Ca...

Read More >
Members only Article - Please login to view