New Privacy Law
Questions and Answers 

What is this new privacy law?

The Gramm-Leach-Bliley Act (GLB Act) was signed into law on November 12, 1999.  While the overall Act made some important changes in financial modernization, few of these reforms had a direct effect on credit unions.  However, certain parts of this Act created protections and disclosure requirements relating to the use of certain consumer information by all financial institutions, including credit unions.  The National Credit Union Administration (NCUA), interpreted this law for credit unions and laid out the regulations for disclosure that all federally chartered credit unions, and federally insured state chartered credit union (like Telhio) must follow.

Why did this law come about?

The GLB Act came about as an answer to a steadily growing wave of consumer concern over the use of private consumer information.  Much of this concern was generated over widely-publicized abuses by large banks.  Consumers were both angered and surprised that their banks had no legal requirement to protect the confidentiality of private information.  The GLB Act is actually a compromise between the financial institutions and the members of Congress, who had actually wished to enact even stricter privacy reform.

What information is protected under this law?

The NCUA’s Privacy Rule applies to all non-public personal information about individuals who obtain financial products or services for personal, family or household purposes.

What is non-public personal information?

The easiest way to define non-public personal information is to define what it is not.  Non-public personal information is information that isn’t publicly available. This includes:

• All personally identifiable financial information, including:
  • Any information that a consumer provides to the credit union in order to obtain a financial service or product  (this would include any information that a consumer provides on a membership application or a loan application)
  • Any transactional information involving a financial product or service provided to a consumer (this would include, but is not limited to, any account balance information or account history information)
  • Any information the credit union obtains from other sources about the consumer in connection with providing that financial product or service (which includes credit report information, collections information, etc)
• Any lists or reports that include personally identifiable financial information, even if part of his list include publicly available information
• Any lists that are produced by using personally identifiable financial information.

Who can the credit union disclose this information to?

The NCUA’s Privacy Rule allows the credit union to freely disclose publicly available information with anyone.  The regulation also allows the credit union to freely disclose most non-public personal information to affiliates and non-affiliate third parties, so long as the credit union properly discloses the release of this information.  In some cases, credit unions would be required to provide a further notice to consumers allowing them to opt out of the disclosure of their information.

A credit union is NOT required to offer members the ability to opt-out of sharing their information is the parties that they would be sharing with fall into one of the following exceptions:

• Service Provider/Joint Marketing Exception
• Processing & Servicing Exception
• “Laundry List” Exception (which includes exceptions for member and credit union security, compliance with law, consumer reporting agencies and third party regulators)

What is this "opt-out” disclosure?

Some credit unions will be required to provide consumers with a means to choose not to have their information shared with non-affiliated third parties.  This option only exists, however, when the credit union is sharing information with non-affiliated third parties that exist outside of the exceptions of the NCUA Privacy Rule. 

All of the third-party relationships that Telhio uses as part of our every day business fall into one of the above exceptions.  Therefore, Telhio is not required to provide members with an opt-out disclosure.

What if a member requests that he/she not receive a particular mailing from the credit union?

Per the requirements of the NCUA Privacy Rule, Telhio is not and will not be sharing any non-public personal information with any third parties that do not fall into one of the Privacy Rule exceptions.  Therefore, any information that we share, or any mailings that members receive from Telhio or on our behalf do not violate this privacy law.

However, if a member still insists to have their name removed from a mailing list, please note:

• Notification must be received from the member IN WRITING. 

• If a member requests to stop receiving one mailing, they must understand that the flag that will be put on the account will stop ALL mailings that they receive from the credit union (except for their statement).  It is not possible to stop only certain types of mailings.  This means that any other future types of promotions will not be able to be sent to them.

What is likely to happen in the future with privacy legislation?

The NCUA’s Privacy Rule is probably just the beginning of the credit union’s privacy responsibilities.  Privacy is one of the top legislative reform topics in the halls of state and federal legislatures.  Even before the NCUA could issue its regulation, some federal lawmakers were already calling on new restrictions on the sharing of information with nonaffiliated third parties.