Sec. 7. Obligations with respect to access and deletion of nonpublic personal information
521 words·~2 min read·
/bill/118/hr/1165/rh/section-7A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Title V of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6801 et seq. ) is amended by inserting after section 502 the following: Upon an authorized request from an individual with whom a financial institution has a customer or consumer relationship, a financial institution shall disclose— any nonpublic personal information relating to such individual held by the financial institution; the list of categories of nonaffiliated third parties with whom the financial institution shares nonpublic personal information relating to such individual; and the list of categories of nonaffiliated third parties from whom the financial institution has received nonpublic personal information relating to such individual.
Disclosures described under paragraph
(1)shall be in a structured, commonly used, and machine-readable format. For purposes of subparagraphs
(B)and
(C)of paragraph (1), a financial institution is not required to disclose a nonaffiliated third party with whom the financial institution shares or receives nonpublic personal information relating to such individual pursuant to an exception described under any of paragraphs
(3)through
(8)of section 502(e). Upon an authorized request from an individual with whom a financial institution has a customer or consumer relationship, a financial institution shall delete any nonpublic personal information relating to such individual held by the financial institution. If such individual has not used a product or service provided by a financial institution for 1 year, the financial institution shall— notify such individual that such individual has the right to request the deletion of any nonpublic personal information relating to such individual held by the financial institution, and provide such individual with clear instructions on how to make such request; and for each additional 1-year period with respect to which such person continues to not use a product or service of the financial institution, resend the notice described under subparagraph (A). This subsection shall not require a financial institution to delete nonpublic personal information if— the financial institution is otherwise required by law to retain the nonpublic personal information; the nonpublic personal information may be necessary to respond to a dispute under the Fair Credit Reporting Act; or the nonpublic personal information may be necessary to retain for a purpose described in an exception under section 502(e). With respect to nonpublic personal information that a financial institution would be required to delete under this subsection but for the application of this paragraph, the financial institution may only use such nonpublic personal information for the applicable purpose described under subparagraph (A). A financial institution that receives an authorized request, under this section, from an individual with whom such financial institution has a customer or consumer relationship, shall respond within 45 business days. Not later than the end of the 1-year period beginning on the date of enactment of this section, each agency or authority described in section 504 shall issue rules to carry out this section with respect to the financial institutions subject to its jurisdiction. . The table of contents in section 1(b) of the Gramm-Leach-Bliley Act is amended by inserting after the item relating to section 502 the following: Sec. 502A. Obligations with respect to access and deletion of nonpublic personal information. .
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 7
Obligations with respect to access and deletion of nonpublic personal information
Cites 1Cited by 0 across 0 sources