Privacy Rule Handbook

Begin image description
This table reflects the rule's requirements for delivering initial, annual, and revised notices to consumers and customers. The table consists of three columns. Column one is entitled Type of Notice. Column two is entitled Who Gets It. The third column is entitled Delivery. The Initial privacy notice (all banks) is given to all existing bank customers no later than July 1, 2001. The Initial privacy notice (all banks) is given to all new bank customers after July 1, 2001, when the customer relationship is established. The Initial privacy notice (all banks) is given to consumers who are not customers only if the bank intends to share nonpublic personal information about the consumer with a nonaffiliated third party. The Annual privacy notice (all banks) is given to all customers at least once in any period of twelve consecutive months while the customer relationship continues. The Revised privacy notice (as applicable) is given to all customers and consumers who are not customers before the bank shares nonpublic personal information in a manner not described in the most recent notice delivered to the customer or consumer.
End image description

Return to Privacy Rule Handbook



Begin image description
This table gives a summary of the rule's requirement for delivering an opt out notice. The table consists of three columns. Column one is entitled Type of Notice. Column two is entitled Who Gets It. The third column is entitled Delivery. The Opt Out Notice (only banks that share outside of exceptions) is given to all customers and to all consumers who are not customers before the bank shares nonpublic personal information about the customer or consumer (and the information sharing is not permissible under the privacy rule opt out exceptions).
End image description

Return to Privacy Rule Handbook



Begin image description
A table that outlines a timeline designating important checkpoints for compliance. The title of the table is "A bank may want to establish timeframes to:" Timeframe one is to assess current information sharing practices. Timeframe two is to draft privacy policies and consumer notices. Timeframe three is to obtain input and approval from management. Timeframe four is to: 1. Deliver initial notices to customers; and 2. Deliver opt out notices to consumers and customers as applicable. Timeframe five is to prepare to respond to public inquiries. Timeframe six is to process opt out directions from consumers and customers.
End image description

Return to Privacy Rule Handbook



Begin image description
A diagram that depicts the relationship between all individuals who do business with a bank and those who meet the regulatory definitions for consumers and customers. The diagram displays three concentric circles. The largest circle represents all individuals who conduct business with a bank. The second largest circle represents all consumers as a subset of all individuals who do business with a bank. The smallest circle represents all customers as a subset of all consumers.
End image description

Return to Privacy Rule Handbook



Begin image description
A diagram that depicts two categories of nonpublic information. The diagram displays a large circle which represents Personally Identifiable Financial Information. Inside this circle are two intersecting circles. One circle represents Nonpublic Personal Information and the second circle represents Publicly Available Information.
End image description

Return to Privacy Rule Handbook