There are three different areas of law requiring opt-ins and opt-outs:
- The Illinois Banking Act requires customers to opt in before institutions can share any financial information. 205 ILCS 5/48.1(c).
- The federal privacy regulations under the Gramm-Leach-Bliley Act (GLBA) require only that customers can opt out from disclosures of their personal information to non-affiliated third parties. 12 CFR 216.7.
- Further, the Fair Credit Reporting Act (FCRA) requires that customers can opt out from solicitations based on credit reports. 15 USC 1681s-3.

The Illinois DFPR’s Interpretive Letter 01-01 compares the requirements under the GLBA regulations and the Illinois Banking Act and concludes that Illinois’s opt-in requirement is not preempted by the federal opt-out requirement. Therefore, both requirements apply — Illinois banks must have a customer opt in before sharing customer information, and cannot share customer information after receiving an opt-out.