There is a federal law that affords consumers significant say over the privacy of their financial information while still allowing financial institutions to share information for normal business purposes. This Act covers banks, savings and loan institutions, credit unions, insurance companies, securities firms, and even some retailers and automobile dealers that extend or make arrangements for consumer credit.
There may be more forms of personal information gathered by the institutions than you realize. They may have credit reports and records of how much you buy and borrow, where you shop, and how well or poorly you pay your bills on time.
The Act protects your financial privacy in three basic ways: First, in a privacy notice, the institution must tell you what kinds of information it collects and the types of businesses that may be provided with it. Institutions must send out a privacy notice once a year. Second, if the institution is going to share your information with anybody outside its corporate family, it must give you the opportunity to “opt out” of that kind of information sharing. The third layer of protection requires the institutions to describe how they will go about protecting the confidentiality and security of your information.
A privacy notice from your bank may not be the kind of mail you rip open with eager anticipation, but you should take the time to look it over carefully all the same. Somewhere in the formal verbiage you should look especially for these items:
What kinds of information may be shared, both with affiliated companies and with outsiders? Don’t expect great specificity on this in the notice itself. The Act requires only a description of basic categories of information, with some examples.
What information can you not prevent your financial institution from sharing? Recognizing some circumstances in which the institutions should be allowed to share financial information with outsiders without the consumer’s consent, the Act does not allow you to stop the sharing of information that is needed to help conduct normal business (such as for outside firms that process data or mail statements); to protect against fraud or unauthorized transactions; to comply with a court order; or to comply with a “ joint marketing agreement” entered into with another institution.
How do you go about “opting out” of the sharing of information of outside entities? Sounds simple enough, but the institution may require you to exercise this option by calling a specific phone number or by completing a form and mailing it to a particular address. If you opt out by phone, to be safe you may want to follow up with a written version, keeping a copy for your records.