2005 - present | 2004 | 2003 | 2002 | 2001 | 2000|
Email This to a Friend
The privacy rules apply to nonpublic personal information about individuals who obtain financial services products for personal, family or household purposes. Nonpublic personal information is generally defined as personally identifiable financial information that is not publicly available. The Commission's rules require firms to notify customers of their privacy policies and firms are also required to provide customers with a notice that instructs customers how to "opt out" of having their information shared with nonaffiliated third parties. Firms must give customers a reasonable amount of time to opt out of disclosures of nonpublic personal information to nonaffiliated parties. Member firms must be in Compliance with the Commission's privacy rules by March 31, 2002. Members who have entered into marketing or other service agreements with non-affiliated third parties before March 31, 2002 will have their existing service agreements grandfathered in and have until March 31, 2003 to ensure the agreement is in compliance with the privacy rules. This exception also applies to third parties that jointly market products for the Member firm and another financial institution.
To assist firms in addressing these federally mandated requirements, NFA will present an audio conference in June 2002 to discuss the CFTC's privacy rules. NFA will post the specific date and time of the conference in the Members' education section of the web site, www.nfa.futures.org. However, to be in compliance by March 31, 2002, member firms must have provided their existing customers with a privacy notice, an opt out notice (if necessary) and a reasonable amount of time to opt out before March 31. Firms must also stop sharing customers' nonpublic personal information with nonaffiliated third parties, if these steps have not been taken, unless the disclosure is under an exception in rule 160.14 or 160.15. Firms must also adopt policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information.
The privacy rules generally require intermediaries to:
The privacy notices must contain specific information, including
These notices must be accurate, clear and conspicuous. If the firm is required to provide an opt out notice to its customers, the notice should specify that the firm can disclose information to a third party, that the customer or consumer can opt out of this disclosure, and the means by which the customer or consumer may exercise their opt out right. The Commission has published a very helpful Financial Privacy Requirements Brochure that can be found on the Commission web site at www.cftc.gov/cftc/cftcfprbrochure.htm.