Why does the Privacy Rule Sometimes Refer to Consumers and Other Times to Customers? Aren’t Customers also Consumers?

Compliance > Privacy
Q: Why does the Privacy Rule sometimes refer to consumers and other times to customers? Aren’t customers also consumers?
A: All customers are consumers, but not all consumers are customers. A consumer is an individual who obtains a financial product or service from you that is primarily for personal, family, or household purposes. A financial product or service includes the evaluation or brokerage of information collected in connection with a request or application, such as a bank’s review of loan application materials to determine whether an applicant qualifies for a loan. A customer is a type of consumer, namely, an individual who has an ongoing relationship with you under which you provide a financial product or service. Note that neither a business nor an individual who obtains a financial product or service for business purposes is a consumer or a customer under the Privacy Rule. The rule distinguishes consumers from customers because your responsibilities to provide notices to consumers and to customers differ in several respects. • You must give all your customers initial privacy notices. • You must give initial notices (or short form notices) to consumers who are not your customers only if you intend to disclose nonpublic personal information about those consumers to nonaffiliated third parties (unless an exception in §§ 216.14 or 216.15 applies such that no initial notice is required prior to the disclosure). • You must give annual privacy notices to your customers as long as they remain your customers. • You are never required to send annual notices to consumers who are not your customers. It is important to remember that all consumers are entitled to the same protection from disclosures of nonpublic personal information under this regulation regardless of whether they are customers. You therefore must not disclose the nonpublic personal information of any consumer or any customer to any nonaffiliated third party outside of the exceptions in §§ 216.13 – 216.15 unless you provide a privacy notice and a reasonable opportunity to opt out, and the consumer or customer does not opt out.

This can be found in FAQ B.1. of the Regulation P FAQs.  The FAQs can be found at http://www.federalreserve.gov/regulations/cg/faq.pdf.

Add Feedback