(b) Opt out
(1) In general A financial institution may not disclose nonpublic personal information to a nonaffiliated third party unless
(A) such financial institution clearly and conspicuously discloses to the consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section
6804 of this title, that such information may be disclosed to such third party;
(B) the consumer is given the opportunity, before the time that such information is initially disclosed, to direct that such information not be disclosed to such third party; and
(C) the consumer is given an explanation of how the consumer can exercise that nondisclosure option.
(2) Exception This subsection shall not prevent a financial institution from providing nonpublic personal information to a nonaffiliated third party to perform services for or functions on behalf of the financial institution, including marketing of the financial institutions own products or services, or financial products or services offered pursuant to joint agreements between two or more financial institutions that comply with the requirements imposed by the regulations prescribed under section
6804 of this title, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.
(e) General exceptions Subsections (a) and (b) of this section shall not prohibit the disclosure of nonpublic personal information
(1) as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with
(A) servicing or processing a financial product or service requested or authorized by the consumer;
(B) maintaining or servicing the consumers account with the financial institution, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or
(C) a proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer;
(2) with the consent or at the direction of the consumer;
(3)
(A) to protect the confidentiality or security of the financial institutions records pertaining to the consumer, the service or product, or the transaction therein;
(B) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;
(C) for required institutional risk control, or for resolving customer disputes or inquiries;
(D) to persons holding a legal or beneficial interest relating to the consumer; or
(E) to persons acting in a fiduciary or representative capacity on behalf of the consumer;
(4) to provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the financial institution, persons assessing the institutions compliance with industry standards, and the institutions attorneys, accountants, and auditors;
(5) to the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 [
12 U.S.C.
3401 et seq.], to law enforcement agencies (including a Federal functional regulator, the Secretary of the Treasury with respect to subchapter II of chapter
53 of title
31, and chapter 2 of title I of Public Law 91508 (
12 U.S.C.
1951–1959), a State insurance authority, or the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;
(6)
(A) to a consumer reporting agency in accordance with the Fair Credit Reporting Act [
15 U.S.C.
1681 et seq.], or
(B) from a consumer report reported by a consumer reporting agency;
(7) in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; or
(8) to comply with Federal, State, or local laws, rules, and other applicable legal requirements; to comply with a properly authorized civil, criminal, or regulatory investigation or subpoena or summons by Federal, State, or local authorities; or to respond to judicial process or government regulatory authorities having jurisdiction over the financial institution for examination, compliance, or other purposes as authorized by law.