Q. Who must comply with the Privacy Rule?
A. Any financial institution that provides financial products or services to consumers must comply with the privacy provisions of Title V of the Gramm-Leach-Bliley Act (“GLB Act”) (15 U.S.C. §§ 6801-09) and the Privacy Rule. Under the banking agencies’ rules,1 you are a financial institution if you engage in an activity that is financial in nature or incidental to a financial activity, as described in § 4(k) of the Bank Holding Company Act of 1956 (“BHC Act”) (12 U.S.C. § 1843(k)). For purposes of the banking agencies’ rules, activities “described in § 4(k) of the BHC Act” include the activities specifically listed in § 4(k) and any additional activities the Board, in consultation with the Secretary of the Treasury, determines to be financial in nature or incidental to a financial activity in accordance with § 4(k). Section 225.86 of the Board’s Regulation Y lists or otherwise references the activities that are financial in nature as of the date of these FAQs. See 12 C.F.R. 225.86. Note, however, that additional activities the Board authorizes in the future, such as activities approved by Board order, may not necessarily be listed at § 225.86. Authorized financial activities as of the date of these FAQs include but are not limited to the following: • Lending, exchanging, transferring, investing for others, or safeguarding money or securities; • Insuring, guaranteeing, or indemnifying against loss, harm, damage, illness, disability, or death, or providing and issuing annuities, either as principal, agent, or broker; and • Providing financial advice, underwriting, dealing in, or making a market in securities. You have consumers if you provide your financial products or services to individuals to be used primarily for their personal, family, or household purposes. Additionally, the Privacy Rule restricts the use and disclosure of nonpublic personal information obtained from a nonaffiliated financial institution, as discussed below.
This can be found in FAQ A.1. of the Regulation P FAQs. The FAQs can be found at http://www.federalreserve.gov/regulations/cg/faq.pdf