IBA Compliance Connection

Your go to source for compliance!

We are preparing to change our privacy notice from not sharing with an affiliate to sharing with an affiliate. We would like to accept opt-outs only through a reply form. Can we put “N/A” in lieu of providing our telephone number and web address? Can you verify that Illinois law does not require an opt-out period of more than 30 days from sending the notice? Does Illinois law exempt commonly-owned affiliates from the opt-in requirement? Does federal law exempt information that is not about creditworthiness from opt-out requirement?

by

admin

Yes, we believe that you may enter “N/A” in lieu of providing a telephone number or internet website for opt-out purposes, since you are providing a reply form as a reasonable means for a customer to exercise the opt-out right. If you are comfortable with modifying the model forms, which is permitted under Regulation P, you may also wish to remove the lines for the telephone number and internet website altogether.

Yes, Illinois law does not require an additional opt-out period beyond the thirty days required by federal law. Of course, a customer may opt-out or rescind an opt-in at any time.

Yes, Illinois law does exempt information sharing with affiliates from the opt-in requirement.

No, there is no exemption from the definition of “personally identifiable financial information” for information that does not relate to a customer’s creditworthiness.

For resources related to our guidance, please see:

  • Regulation P, 12 CFR 1016.7(a)(iv)  (“You may require each consumer to opt out through a specific means, as long as that means is reasonable for that consumer.”)
  • Regulation P, 12 CFR 1016.7(a)(2)(ii)  (“You provide a reasonable means to exercise an opt out right if you: . . .  (B) Include a reply form together with the opt out notice that, in the case of financial institutions described in § 1016.3(l)(3) of this part, includes the address to which the form should be mailed; . . .”)
  • Regulation V, 12 CFR 1022.25(c) (“Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer.”)
  • Regulation V, 12 CFR 1022.25(b) (“Reasonable and simple methods for exercising the opt-out right include: . . .  (ii) Including a reply form and a self-addressed envelope together with the opt-out notice; . . .”)
  • Regulation P, 12 CFR 1016.2(a)  (“. . . use of the model privacy form is not required.”)
  • Savings Bank Act, 205 ILCS 205/4013(c)(15) (“This Section does not prohibit: . . . (15) The exchange in the regular course of business of information between a savings bank and any commonly owned affiliate of the savings bank, subject to the provisions of the Financial Institutions Insurance Sales Law.”)
  • Regulation P, 12 CFR 1016.10(a)(3)  (“You provide a consumer with a reasonable opportunity to opt out if: (i) You mail the notices required in paragraph (a)(1) of this section to the consumer and allow the consumer to opt out by mailing a form, calling a toll-free telephone number, or any other reasonable means within 30 days from the date you mailed the notices.”)
  • Regulation V, 12 CFR 1022.24(b) (“The consumer is given a reasonable opportunity to opt out if: (1) The opt-out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means.”)
  • Regulation P, 12 CFR 1016.3(q) (“Personally identifiable financial information means any information: (i) A consumer provides to you to obtain a financial product or service from you; (ii) About a consumer resulting from any transaction involving a financial product or service between you and a consumer; or (iii) You otherwise obtain about a consumer in connection with providing a financial product or service to that consumer. . . .”)