Financial Services Industry Outsourcing and Enforcement of Privacy Laws Page: 3 of 6
The following text was automatically extracted from the image on this page using optical character recognition software:
Where May the Outsourced Service Be Performed? Whether the provider
is a domestic or foreign, the service may be performed either in or outside the United
States, provided it is not performed in violation of existing terrorist or country sanctions
under programs administered by the Office of Foreign Assets Control9 or any applicable
export control law.
What Governs the Confidentiality of Financial Institution Customer
Information? Until the 1970's, confidentiality requirements for financial institutions
were generally imposed under state law. Since then, with the passage of the Fair Credit
Reporting Act (FCRA)10 and Title V of the Gramm-Leach-Bliley Act (GLBA),11 the
financial service industry is subject to broadly applicable federal confidentiality
requirements that may, to some extent, be supplemented by state law. FCRA sets forth
responsibilities for credit bureaus and the entities that furnish consumer information to
them. It preempts state law on, and sets standards for, sharing of customer information
among affiliated companies. GLBA sets the standards for sharing of nonpublic customer
information by financial institutions with nonaffiliated third parties. It does not preempt
state laws that provide more consumer protection.
What Safeguards Are in Place to Protect the Privacy of Customer
Information Outsourced by Financial Institutions? GLBA requires the regulators
of financial institutions12 to issue rules "relating to administrative, technical, and physical
safeguards ... to insure the security and confidentiality of customer records and
information ... and ... to protect against unauthorized access to or use of such records or
information which could result in substantial harm or inconvenience to any customer."
Banking institutions, thrifts, and credit unions are required by law to notify their federal
regulator of any contract or arrangement with a third-party service provider.13 Each of the
federal financial institution regulators has issued a safeguards rule14 that addresses the
outsourcing of such information, emphasizing that the confidentiality obligation remains
with the financial institution. The federal banking regulators have issued guidance on
10 15 U.S.S. 1681 et seq.
" P.L. 106-102, 113 Stat. 1338, 1436, 15 U.S.C. 6801 et seq.
12 These are the: Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of
the Currency (OCC), Federal Reserve Board (FRB), Office of Thrift Supervision (OTS),
Securities and Exchange Commission (SEC), National Credit Union Administration (NCUA),
with respect to the depository institutions which they regulate, and the Federal Trade
Commission (FTC), with respect to all other entities coming under the definition of "financial
institution" in GLBA's privacy title, except for insurance companies. The safeguards standards
for insurance companies are to be administered by state insurance authorities.
13 12 U.S.C. 1867(c); 12 U.S.C. 1464(d)(7)(D)(ii).
14 Federal depository institution regulators' documents can be found at the FFIEC Website.
[http://www.ffiec.gov/exam/InfoBase/toc_s/02-ffi-table_of_contents_select.html]. The SEC and
FTC safeguards rules are 17 C.F.R. 248.30 and 16 C.F.R., Part 314. See also, 68 Fed. Reg.
47954 (Aug. 12, 2003), proposing "Interagency Guidance on Response Programs for
Unauthorized Access to Customer Information and Customer Notice."
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
Financial Services Industry Outsourcing and Enforcement of Privacy Laws, report, June 9, 2004; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc815780/m1/3/: accessed May 25, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.