(a) The requirements for initial notice to consumers in §22.8(a)(2)
of this title (relating to Initial Privacy Notice), the opt out in §22.11
of this title (relating to Form of Opt Out Notice to Consumers and Opt Out
Methods) and §22.14 of this title (relating to Limits on Disclosure of
Nonpublic Personal Financial Information to Nonaffiliated Third Parties),
and service providers and joint marketing in §22.17 of this title (relating
to Exception to Opt Out Requirements for Disclosure of Nonpublic Personal
Financial Information for Service Providers and Joint Marketing) do not apply
when a covered entity discloses nonpublic personal financial information:
(1) with the consent or at the direction of the consumer, provided
that the consumer has not revoked the consent or direction;
(2) to protect the confidentiality or security of a covered
entity's records pertaining to the consumer, service, product or transaction;
(3) to protect against or prevent actual or potential fraud
or unauthorized transactions;
(4) for required institutional risk control or for resolving
consumer disputes or inquiries;
(5) to persons holding a legal or beneficial interest relating
to the consumer;
(6) to persons acting in a fiduciary or representative capacity
on behalf of the consumer;
(7) to provide information to insurance rate advisory organizations,
guaranty funds or agencies, agencies that are rating a covered entity, persons
that are assessing the covered entity's compliance with industry standards,
and the covered entity's attorneys, accountants and auditors;
(8) to the extent specifically permitted or required under
other provisions of law and in accordance with the federal Right to Financial
Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies
(including the Federal Reserve Board, Office of the Comptroller of the Currency,
Federal Deposit Insurance Corporation, Office of Thrift Supervision, National
Credit Union Administration, the Securities and Exchange Commission, the Secretary
of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records
and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter
21 (Financial Recordkeeping), a state insurance authority, and the Federal
Trade Commission), self-regulatory organizations or for an investigation on
a matter related to public safety;
(9) to a consumer reporting agency in accordance with the federal
Fair Credit Reporting Act (15 U.S.C. 1681 et seq.); or from a consumer report
reported by a consumer reporting agency;
(10) in connection with a proposed or actual sale, merger,
transfer or exchange of all or a portion of a business or operating unit if
the disclosure of nonpublic personal financial information concerns solely
consumers of the business or unit;
(11) to comply with federal, state or local laws, rules and
other applicable legal requirements;
(12) to comply with a properly authorized civil, criminal or
regulatory investigation, or subpoena or summons by federal, state or local
authorities;
(13) to respond to judicial process or government regulatory
authorities having jurisdiction over a covered entity for examination, compliance
or other purposes as authorized by law; or
(14) for purposes related to the replacement of a group benefit
plan, a group health plan, a group welfare plan or a workers' compensation
policy.
(b) A consumer may revoke consent by subsequently exercising
the right to opt out of future disclosures of nonpublic personal financial
information as permitted under §22.11(f) of this title.