Financial Privacy: Best Practices for Survey, Opinion and Marketing Researchers
The Gramm-Leach-Bliley (GLB) Act is a federal law concerned, in part, with privacy and security of consumer financial information. The GLB Act restricts disclosure of consumers’ “nonpublic personal information” by “financial institutions.” Financial institutions are required to provide notices to their customers about their information-collection and information-sharing practices. Consumers may decide to “opt out” if they do not want their information shared with nonaffiliated third parties. The GLB Act provides specific exceptions under which a financial institution may share customer information with a third party and the consumer may not opt out. All financial institutions are required to provide consumers with a notice and opt-out opportunity before they may disclose information to nonaffiliated third parties (with certain caveats).
What is a “Financial Institution” Under GLB?
The term “financial institution” means, in general, any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution. Under the Rules promulgated by the FTC, an institution must be significantly engaged in financial activities to be considered a “financial institution.”
What is Nonpublic Personal Information Under GLB?
Under GLB, nonpublic personal information includes nonpublic personally identifiable financial information, as well as any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information that is not publicly available. "Personally Identifiable Financial Information" is defined as any information a consumer provides to obtain a financial product or service, any information about a consumer resulting from any transaction involving a financial product or service, or any information otherwise obtained about a consumer in connection with providing a financial product or service.
How Can Researchers Acquire Customers’ Nonpublic Personal Information Under GLB?
Under GLB, survey and opinion researchers can receive nonpublic personal information from financial institutions in two main scenarios:
- Where the financial institutions’ consumers and customers have been provided with notice of such disclosure and they have not opted out of such disclosure.
- Alternatively, through an exception in the law (6801(2)), financial institutions, though still required to provide notice to their customers about their information-sharing practices, can share their customers’ nonpublic personal information with third parties who provide services for the financial institution (i.e., survey research companies conducting research for the financial institution) and do so without the opt-out opportunity required by the other provisions. Please note, however, that under the exception the financial institution must enter into a contractual agreement with the third party (i.e., survey researchers) requiring the third party to maintain the confidentiality of the information.
The information provided in this document is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any given laws/legislation and their impact on your particular business.