The Office of the Comptroller of the Currency yesterday published its rules for the interpretation of the Gramm-Leach-Bliley Act, the financial modernization bill that takes effect Nov. 13. As expected, financial institutions were given until July 1, 2001, to comply with the privacy components in the legislation, which allows banks, insurance companies and securities firms to merge.
The OCC included in its interpretation of the act a new definition of the term “nonpublic personal information.” The OCC said any data that financial institutions could reasonably expect to obtain from a public source — such as addresses from a phone book or data from a publicly recorded mortgage loan — could be defined as public information, and therefore, exempt from additional privacy protections.
The Gramm-Leach-Bliley Act requires financial firms to give consumers the chance to opt out of having their nonpublic personal information shared, but allows for the sharing of publicly available information. Financial firms are prohibited, however, from sharing lists of publicly available information about their customers if the lists are generated using nonpublic personal information as criteria.
The OCC also defined personally identifiable financial information to include the fact that a customer has a relationship with a financial institution.
“Clearly information that a person has a customer relationship identifies that person, and thus is personally identifiable,” the OCC wrote in explaining the definition.
Such information also cannot be shared without a customer’s consent.
Each of the agencies that regulate financial firms was scheduled to file its interpretations of the privacy regulations by tomorrow. The agencies’ interpretations were expected to be similar.