Your Financial Privacy Rights (2024)

Get control of your financial information

Controlling your personal information is an important part of personal privacy. Personal financial information is among the most sensitive of all personal information. Personal financial information includes what you put on an application for a loan or credit card, your account balances, your payment history, your overdraft history, and where you make purchases by debit or credit card. In some instances, it can even include medical information.

You have rights

California and federal laws allow consumers to put limits on what banks and other financial companies can do with your personal financial information.[1] California law gives you more rights to limit the sharing of your personal financial information. The laws apply to banks, credit unions, savings and loans, credit card companies, insurance companies and other financial service companies.[2]

When they have to ask you first

Under California law, financial service companies must get your permission first, before they can share your personal financial information with outside companies. This does not apply to sharing with outside companies that offer financial products or services. You have a right to "opt out" of information sharing with outside companies for those purposes. See below for more on how to opt out.

Notices sent to consumers

Both state and federal laws require financial companies to notify their customers of their privacy rights every year. The first federal notices were often written in legal language that was hard to understand, but some companies have improved their notices since then.[3] California law requires a notice that is clear and easy to read. The California notice, titled "Important Privacy Choices for Consumers," lets you check off your choices on the sharing of your personal information. You may receive the California financial privacy notice enclosed with the federal notice, or it may come separately.[4]

When you can say no

California law lets you tell your bank and other financial companies that you do not want them to share your personal financial information in some cases. You can say no to, or opt out of, having your information shared with outside companies that offer financial products or services. You also have the right to opt out of some information sharing with some companies owned or controlled by your financial company (called "affiliates").[5]

How to say no, or how to "opt out."

"Opting out" means that if you say "no," then the company must follow your wishes. But if you say nothing, if you do not opt out, then the company is free to share your information. It's easy to opt out on the California "Important Privacy Choices for Consumers" form. Simply check the boxes to indicate your choices and mail the form in the pre-addressed envelope provided. The company may also allow you to opt out by e-mail or by calling a toll-free phone number. It is still a good idea to mail in the form to create a record of your action. You do not have to opt out every year. Your financial institutions must continue to follow your opt-out decision until you change it.

It's not too late

It's never too late to opt out, even if you did not reply to the privacy notices right away. If you didn't reply within 45 days, then your financial company may have already started sharing your information. But you have a continuing right to opt out and you can prevent future sharing of more current information.

What if you think your privacy rights were violated?

You can make a complaint under the California law to the California Attorney General or to a state or federal agency that regulates financial companies. The agency may investigate your complaint and may take action against the financial company. But the agency can't represent you. You may also file a complaint under the federal law with a federal agency.[6]

Before filing a complaint, consider writing a letter to the financial company. In your letter, explain why you think the company violated the law and what you would like it to do for you. Ask for a specific response within a reasonable time (for example, 30 days).

State Government Agencies

The following state government agencies can enforce the privacy protections in the California Financial Information Privacy Act.

California Department of Insurance

Regulates the insurance industry in California. Enforces both federal and state privacy laws.

Department of Insurance
Consumer Communications Bureau
300 So. Spring St.
Los Angeles, CA 90013

800-927-HELP (927-4357)

California Department of Financial Protection and Innovation (DFPI)

Provides protection to consumers and services to businesses engaged in financial transactions. The Department regulates a variety of financial services, products and professionals. The Department oversees the operations of state-licensed financial institutions, including banks, credit unions, money transmitters, issuers of payment instruments and travelers checks, and premium finance companies. Additionally, the Department licenses and regulates a variety of financial businesses, including securities brokers and dealers, investment advisers, deferred deposit (commonly known as payday loans) and certain fiduciaries and lenders.

Department of Financial Protection and Innovation (DFPI)
Consumer Services
1810 13th Street
Sacramento, CA 95814


California Office of Attorney General

Enforces privacy law on financial service companies not regulated by the state financial regulators.

Office of Attorney General
California Department of Justice
Attn: Public Inquiry Unit
P.O. Box 944255
Sacramento, CA 94244-2550


Federal Government Agencies

The following federal government agencies can enforce the privacy protections in the federal and state laws listed above.

Federal Trade Commission

Investigates consumer fraud outside the jurisdiction of other federal agencies.

FTC, Bureau of Consumer Protection
Washington, DC 20580

877-FTC-HELP (877-382-4357)

Federal Reserve Board

Regulates banks other than national banks and branches of foreign banks.

Federal Reserve
Consumer & Community Affairs
20th & C Streets, NW Stop 801
Washington, D.C. 20551


Office of the Comptroller of the Currency

Regulates national banks and branches of foreign banks.

OCC, Customer Assistance Group
1301 McKinley St., Suite 3710
Houston, TX 77010


Office of Thrift Supervision

Regulates federal savings associations and savings banks and state-chartered savings associations.

OTS, Consumer Complaints
1700 G Street, NW
Washington, DC 20552


Securities and Exchange Commission

Oversees stock exchanges, broker-dealers and associates, and investment advisers.

SEC Complaint Center
Investor Education & Assistance
450 Fifth St., NW
Washington, DC 20549


National Credit Union Administration

Regulates federal credit unions.

GLB & FCRA Address:
Director, Division of Supervision
2300 Clayton Rd., Suite 1350
Concord, CA 94520


[1] The Financial Services Modernization Act, or Gramm-Leach-Bliley Act, 15 U.S. Code §§ 6801-6810. Known as the "GLB Act," the law allows financial institutions, insurance companies and investment companies to merge, becoming what have been called "one-stop financial supermarkets." It also provides some consumer privacy rights and requires security safeguards for personal information. The California Financial Information Privacy Act (FIPA), Financial Code §§ 4050-4060, gives California consumers additional rights to limit the sharing of their personal financial information by financial service companies doing business in California.

[2] The GLB Act and FIPA consider a broad array of businesses to be "financial institutions," including, for example, retailers that issue their own credit cards directly to consumers, real estate appraisers, mortgage brokers, career counselors in the finance area, check printing businesses, and accountants who prepare tax returns.

[3] The federal GLB Act privacy notices are required to include the following information: how the customer's personal financial information is collected, how the customer's information is used, and how the customer could "opt-out" or choose not to have personal financial information shared with some outside or "third-party" companies.

[4] FIPA requires the notice, among other things, to be on a single page; be titled "Important Privacy Choices for Consumers;" use the headers, if applicable, "Restrict Information Sharing With Companies We Own Or Control (Affiliates)" and "Restrict Information Sharing With Other Companies We Do Business With To Provide Financial Products And Services"; use text in no smaller than 10-point type; provide choices that may be selected by checking a box; use sentences averaging 15 to 20 words or bullet lists where possible; and avoid multiple negatives, legal terminology and highly technical terminology whenever possible. See Financial Code § 4053(d)(1) for details.

[5] The affiliate sharing provisions of FIPA are being contested in court and may be ruled as preempted by federal law. FIPA provides an opt-out right over sharing with affiliates other than those affiliated companies that are regulated by the same functional regulator, engaged in the same line of business and share a common brand. If the California provision were preempted, then the limited opt-out right in the federal Fair Credit Reporting Act (FCRA) would apply. The FCRA allows a consumer to opt out of having "creditworthiness information" shared with affiliates. This is information such as payment history and credit score. Federal law does not allow consumers to stop a company from sharing the more sensitive "transaction and experience information" with affiliates. Transaction and experience information includes, for example, what items are charged on a credit card.

[6] You can't go to court to sue the company under FIPA or the GLB Act. Under the FCRA, you have the right to sue a credit reporting agency in federal or state court. You could recover damages from violators of the FCRA.

What are the right to financial privacy requirements?

Under California law, financial service companies must get your permission first, before they can share your personal financial information with outside companies. This does not apply to sharing with outside companies that offer financial products or services.

What are the exceptions to the financial privacy rule?

First, the privacy rule does not govern information sharing among affiliated parties. Second, the rule contains exceptions to allow transfers of nonpublic personal information to unaffiliated parties to process and service a consumer's transaction, and to facilitate other normal business transactions.

Why is financial privacy important?

Under the law, agencies enforce the Financial Privacy Rule, which governs how financial institutions can collect and disclose customers' personal financial information; the Safeguards Rule, which requires all financial institutions to maintain safeguards to protect customer information; and another provision designed ...

What federal law requires you to protect your customer's financial privacy?

Privacy and Security

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

What are three exceptions to the right to privacy?

There are some exceptions to the opt-out right. Common reasons why businesses may refuse to stop selling your personal information include: Sale or sharing is necessary for the business to comply with legal obligations, exercise legal claims or rights, or defend legal claims.

What are examples of right to privacy?

The Fourth Amendment of the Constitution protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” This means that the police are not supposed to stop you without a reason, and they cannot go looking through your pockets, bags, car or ...

Which of the following are not covered by the Right to Financial Privacy Act?

“Person” is defined by the RFPA as an individual or a partnership of five or fewer individuals. Therefore, restrictions in the Act do not apply to the financial records of corporations or partnerships with six or more partners.

What are the three rights under the Privacy Act?

The Privacy Act provides protections to individuals in three primary ways. It provides individuals with: the right to request their records, subject to Privacy Act exemptions; the right to request a change to their records that are not accurate, relevant, timely or complete; and.

What are financial rights?

Financial Rights means the right to receive distributions of funds and allocations of income, gain, loss, deduction and credit.

What are the personal financial data rights?

The Personal Financial Data Rights proposal wants data providers—defined as financial institutions that offer checking accounts, prepaid cards, credit cards, and digital wallets—to allow their customers to share transaction information (including historical data), account balances, basic identity information (name, ...

What states have financial privacy laws?

Currently, there are 15 states – California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire – that have comprehensive data privacy laws in place.

Who must receive a privacy notice?

You must deliver your privacy notices to each consumer or customer in writing, or, if the consumer or customer agrees, electronically.

What does the Privacy Act prohibit?

1992) (noting that “Privacy Act generally prohibits the federal government from disclosing personal information about an individual without the individual's consent”). A “disclosure” can be by any means of communication – written, oral, electronic, or mechanical. See OMB 1975 Guidelines, 40 Fed.

What is the GLBA right to financial privacy?

The Right—Consumers must be given the right to “opt out” of, or prevent, a financial institution from disclosing nonpublic personal information about them to a nonaffiliated third party unless an exception to that right applies.

What does the Right to Financial Privacy Act generally require that a member must receive?

Generally, these requirements include obtaining subpoenas, notifying the customer of the request, and providing the customer with an opportunity to object. The Act imposes related limitations and duties on financial institutions prior to the release of information requested by federal authorities.

What are the three elements of the right to privacy?

According to Edward Bloustein, privacy is an interest of the human personality. It protects the inviolate personality, the individual's independence, dignity and integrity. According to Ruth Gavison, there are three elements in privacy: secrecy, anonymity and solitude.

What does the FTC Financial Privacy Rule require?

A financial institution must provide a notice of its privacy policies and practices with respect to both affiliated and nonaffiliated third parties, and allow the consumer to opt out of the disclosure of the consumer's nonpublic personal information to a nonaffiliated third party if the disclosure is outside of the ...



Author: Madonna Wisozk
