Sec. 107. Requests for disclosure of or deletion of nonpublic personal information
867 words·~4 min read·
/bill/119/hr/8398/ih/section-107A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Title V of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6801 et seq. ) is amended by inserting after section 503 the following: Upon a request from a customer or former customer of a financial institution, such financial institution shall disclose to the customer or former customer— pursuant to the requirements of section 1033 of the Consumer Financial Protection Act of 2010 ( 12 U.S.C. 5533 ), any nonpublic personal information of the customer or former customer in the control or possession of the financial institution; and a list of the categories of affiliates and nonaffiliated third parties to whom the financial institution has disclosed nonpublic personal information of the customer or former customer (other than disclosures of nonpublic personal information made to an affiliate or a nonaffiliated third party pursuant to an exception under section 502(e)).
Paragraph
(1)shall not apply to the extent that disclosure of nonpublic personal information to a customer or former customer is prohibited under other provisions of law. Upon a request from a former customer, a financial institution shall delete any nonpublic personal information of the former customer held by the financial institution. Paragraph
(1)shall not require deletion of nonpublic personal information of a former customer by a financial institution where— the nonpublic personal information is required to be retained for a continuing purpose pursuant to an exception described under section 502(e); the holder of the nonpublic personal information is a consumer reporting agency, as defined in section 603(f) of the Fair Credit Reporting Act ( 15 U.S.C. 1681a(f) ), and the nonpublic personal information is held solely to the extent that it is used in activities subject to the Fair Credit Reporting Act; the nonpublic personal information is required to be retained to respond to a dispute under the Fair Credit Reporting Act; or the nonpublic personal information is required to be retained as otherwise required by law. A financial institution shall establish and implement procedures to verify the identity of a former customer submitting a request under paragraph
(1)before deleting nonpublic personal information that is the subject of such request. The procedures established by a financial institution pursuant to subparagraph
(A)shall be designed to— confirm that the individual making the request is the former customer to whom the nonpublic personal information relates; protect against unauthorized deletion of nonpublic personal information resulting from fraudulent requests; and protect against deletion of nonpublic personal information resulting from requests made by a former customer in error. A financial institution shall not be required to grant a request under paragraph
(1)if the financial institution cannot confirm that the identity of the individual making such request is the same as the former customer to whom the nonpublic personal information relates. A financial institution shall respond to a former customer submitting a request under paragraph
(1)without undue delay, but in all cases within 45 days of receiving such request. A financial institution may extend the response period in subparagraph
(A)once for an additional 45 days when necessary, taking into account the complexity and number of requests by the former customer, but must inform the former customer of such extension and the reason for such extension within the initial 45 day response period under subparagraph (A). A former customer may submit 2 requests per year free of charge to a financial institution under paragraph (1). For any request of a former customer under paragraph
(1)subsequent to the requests described in subparagraph (A), a financial institution may— charge the former customer a fee, if the financial institution has notified the former customer of such fee and the former customer has consented to such fee; or decline to act on such request, if the former customer does not consent to the fee described under clause (i). Subject to the exceptions in paragraph (2), a financial institution receiving a request under paragraph
(1)shall— establish a process for a former customer to appeal a determination by a financial institution to deny a request under paragraph (1); make such appeal process under subparagraph
(A)clearly and conspicuously disclosed to the former customer in the response required under paragraph
(4)if the request under paragraph
(1)is to be denied by the financial institution; respond to such an appeal request by the former customer— not later than 60 days after the date on which such appeal request is received; and by informing the former customer in writing or in electronic form or other form permitted by the regulations prescribed under section 504 of any action taken in response to the appeal, including an explanation of the reason for each action taken; and if such an appeal is denied, provide the former customer with an online mechanism, if available, or other method through which the former customer may contact the appropriate enforcement agency or authority as described in section 505 to submit a complaint. . This section shall take effect 2 years after the date of enactment of this Act. The table of contents in section 1(b) of the Gramm-Leach-Bliley Act is amended by inserting after the item relating to section 503 the following: Sec. 503A. Requests for disclosure of or deletion of nonpublic personal information. .
Connectionstraces to 3
Citation graph
cites case law
Sec. 107
Requests for disclosure of or deletion of nonpublic personal information
Cites 3Cited by 0 across 0 sources