Financial Privacy: Best Practices for Survey, Opinion and Marketing Researchers - Articles

Articles

23Oct

Financial Privacy: Best Practices for Survey, Opinion and Marketing Researchers

The Gramm-Leach-Bliley (GLB) Act is a federal law concerned, in part, with privacy and security of consumer financial information. The GLB Act restricts disclosure of consumers’ “nonpublic personal information” by “financial institutions”. Financial institutions are required to provide notices to their customers about their information-collection and information-sharing practices. Consumers may decide to “opt out” if they do not want their information shared with nonaffiliated third parties. The GLB Act provides specific exceptions under which a financial institution may share customer information with a third party and the consumer may not opt out. All financial institutions are required to provide consumers with a notice and opt-out opportunity before they may disclose information to nonaffiliated third parties (with certain caveats).

What is a “Financial Institution” Under GLB?

The term ''financial institution'' means, in general, any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution. Under the Rules promulgated by the FTC, an institution must be significantly engaged in financial activities to be considered a “financial institution.”

What is Nonpublic Personal Information under GLB?

Under GLB, nonpublic personal information includes nonpublic personally identifiable financial information, as well as any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information that is not publicly available. "Personally Identifiable Financial Information" is defined as any information a consumer provides to obtain a financial product or service, any information about a consumer resulting from any transaction involving a financial product or service, or any information otherwise obtained about a consumer in connection with providing a financial product or service.

How Can Researchers Acquire Customers’ Non-Public Personal Information Under GLB?

Under GLB, survey and opinion researchers can receive nonpublic personal information from financial institutions in two main scenarios:

  • Where the financial institutions’ consumers and customers have been provided with notice of such disclosure and they have not opted out of such disclosure.
  • Alternatively, through an exception in the law (6801(2)), financial institutions -- though still required to provide notice to their customers about their information sharing practices -- can disseminate their customers’ nonpublic personal information with third parties who provide services for the financial institution (i.e. survey research companies conducting research for the financial institution) and do so without the required opt out of the other provisions. Please note however, under the exception, the financial institution must enter into a contractual agreement with the third party (i.e. survey researchers), requiring the third party to maintain the confidentiality of the information.

The information provided in this document is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any given laws/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Fighting for You: February 2024 Legislative and Regulatory Update

Fighting for You: February 2024 Legislative and Regulatory Update

This month, the Insights Association focused on extensive artificial intelligence legislation at the...

Read More >
Washington Health Data Privacy Law Coming into Effect March 31, 2024

Washington Health Data Privacy Law Coming into Effect March 31, 2024

The insights industry is running out of time to comply with the Washington My Health My Data Act, a ...

Read More >
Learning From Consumer Complaints Under Virginia Privacy Law

Learning From Consumer Complaints Under Virginia Privacy Law

A recent analysis of the first year of consumer complaints under the Virginia Consumer Data Protecti...

Read More >
New CPRA Rules Suddenly Take Effect Thanks to California Court Decision

New CPRA Rules Suddenly Take Effect Thanks to California Court Decision

A California court ruled that new regulations for the California Privacy Rights Act (CPRA) / Califor...

Read More >
Connecticut Privacy Law Enforcement After First Six Months

Connecticut Privacy Law Enforcement After First Six Months

A new report on the first six months of enforcing the Connecticut Data Privacy Act (CTDPA) provides ...

Read More >
Fighting for You: January 2024 Legislative and Regulatory Update

Fighting for You: January 2024 Legislative and Regulatory Update

Kicking off another year of advocacy for the insights industry, the Insights Association focused in ...

Read More >
Members only Article - Please login to view