Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · H.R. 8398 (Introduced in House) — To make improvements to title V of the Gramm-Leach-Bliley Act, and for other purposes. · Sec. 401

Sec. 401. Additions to definitions

955 words·~4 min read·/bill/119/hr/8398/ih/section-401·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Section 509 of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6809 ) is amended— in paragraph (3)(A), by inserting before the period at the end the following: or a financial data aggregator ; by amending paragraph (4)(A) to read as follows: The term nonpublic personal information means— personally identifiable financial information— provided by a consumer to a financial institution; resulting from any transaction with the consumer or any service performed for the consumer; or otherwise obtained by the financial institution; access credentials; and when used by a financial institution while engaging in financial activities as described in section 4(k) of the Bank Holding Company Act of 1956 ( 12 U.S.C. 1843(k) )— biometric data; and precise geolocation data. ; in paragraph (11), by striking and inserting Customer ; and Time of establishing a customer by adding at the end the following:
The term access credentials means personally identifiable nonfinancial information that a consumer uses to access an account of such consumer at a financial institution, including a username, password, personal identification number, access code, answer to a security question, or a substantially similar item of personally identifiable nonfinancial information. The term artificial intelligence has the meaning given such term in section 5002 of the National Artificial Intelligence Initiative Act of 2020 ( 15 U.S.C. 9401 ).
The term biometric data — means personally identifiable nonfinancial information of a consumer generated by automatic measurements of biological characteristics, including a fingerprint, voiceprint, eye retinas, eye irises, or other unique biological patterns or characteristics that are used to identify a specific consumer; and does not include a physical or digital photograph, a video or audio recording or data generated therefrom, or information collected, used, or stored for health care treatment, payment, or operations under the Health Insurance Portability and Accountability Act or the amendments made by that Act.
The term consent means a clear affirmative act by a consumer that— signifies the freely given, specific, informed, and unambiguous agreement by the consumer to an action; and is— in writing or in electronic form or other form permitted by the regulations prescribed under section 504; or in any other unambiguous affirmative form. The term covered nation has the meaning given such term in section 4872(f) of title 10, United States Code. The term customer means a consumer who has a customer relationship with a financial institution.
The term customer relationship means a continuing relationship between a consumer and a financial institution under which the financial institution provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. The term financial data aggregator — means any person that operates a commercial enterprise for the primary business purpose of accessing, aggregating, collecting, processing, selling, or otherwise disclosing nonpublic personal information; and does not include— a person that receives, processes, or discloses nonpublic personal information solely to the extent that it performs services for or functions on behalf of a financial institution pursuant to section 502(b)(2) or pursuant to an exception described under section 502(e); a consumer reporting agency, as defined in section 603(f) of the Fair Credit Reporting Act ( 15 U.S.C. 1681a(f) ), solely to the extent that it engages in activities subject to the Fair Credit Reporting Act; an attorney, accountant, investment adviser, or other person acting in a fiduciary or representative capacity on behalf of a consumer pursuant to section 502(e)(3)(E); a person— to the extent that such person is not a financial institution; and that operates a commercial enterprise that receives, processes, or discloses nonpublic personal information for the purpose of making or receiving payments associated with a sale, purchase, or exchange of goods or services; or a self-regulatory organization that receives or processes nonpublic personal information disclosed to it by its members, or that discloses nonpublic personal information to an agency.
The term former customer means a consumer who has previously had a customer relationship with a financial institution and that is no longer a customer of the financial institution because that customer relationship has terminated. The term precise geolocation data — means personally identifiable nonfinancial information of a consumer generated by technological means, including global positioning systems, telemetry, telematics, and level, latitude, and longitude coordinates, or other means, that directly identifies the specific location of a consumer with precision and accuracy within a radius of 1,750 feet; and does not include the content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility.
The term self-regulatory organization — has the meaning given that term in section 3(a) of the Securities Exchange Act of 1934 ( 15 U.S.C. 78c(a) ); and means— a contract market, derivatives transaction execution facility, registered futures association, or other self-regulatory organization registered with the Commodity Futures Trading Commission; and any other self-regulatory organization registered with an agency authorized under section 504(a)(1) to prescribe regulations or with a Federal functional regulator, as determined by such agency or such Federal functional regulator.
The term sensitive nonpublic personal information means, when used by a financial institution while engaging in financial activities as described in section 4(k) of the Bank Holding Company Act of 1956 ( 12 U.S.C. 1843(k) )— personally identifiable nonfinancial information of a consumer that discloses the consumer’s racial or ethnic origin, religious belief, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; genetic or biometric data of a consumer that is disclosed for the purpose of uniquely identifying a specific consumer; and precise geolocation data.
The term State means each State of the United States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe. .
Connectionstraces to 5
Citation graph
cites case law
Sec. 401
Additions to definitions
U.S.C.§ 6809
U.S.C.§ 1843
U.S.C.§ 9401
U.S.C.§ 1681a
U.S.C.§ 78c
Cites 5Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.