Exam CIPP-US topic 1 question 40 discussion

The correct answer is C. After disclosing information-sharing practices to customers and after giving them an opportunity to opt out. Reference: The IAPP textbook, U.S. Private-Sector Privacy, 4th Edition, 2024, Section 9.3.2 The GLBA Privacy Rule: "In addition, other than for defined exceptions, a financial institution may also share consumer information with nonaffiliated companies and other third parties, but only after disclosing information-sharing practices to customers and providing them with the opportunity to opt out."

The Gramm-Leach-Bliley Act seeks to protect consumer financial privacy. Its provisions limit when a "financial institution" may disclose a consumer's "nonpublic personal information" to nonaffiliated third parties. The law covers a broad range of financial institutions, including many companies not traditionally considered to be financial institutions because they engage in certain "financial activities." Financial institutions must notify their customers about their information-sharing practices and tell consumers of their right to "opt-out" if they don't want their information shared with certain nonaffiliated third parties. In addition, any entity that receives consumer financial information from a financial institution may be restricted in its reuse and redisclosure of that information.

A financial institution may also share consumer information with nonaffiliated companies and other third parties, but only after disclosing information-sharing practices to customers and providing them with the opportunity to opt out. IAPP 9.3.2 (page 233). The correct answer is C.

Correct Answer is C. information with nonaffiliated companies and other third parties, but only after disclosing information-sharing practices to customers and providing them with the opportunity to opt out.

https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act "If you share their NPI with nonaffiliated third parties outside of three exceptions (see "Exceptions"), you must give your consumers and customers an "opt-out notice" that clearly and conspicuously describes their right to opt out of the information being shared. An opt-out notice must be delivered with a privacy notice, and it can be part of the privacy notice."

https://www.ecfr.gov/current/title-12/chapter-X/part-1022/subpart-C Example. A consumer has a homeowner's insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated creditor. Based on that eligibility information, the creditor wants to make a solicitation to the consumer about its home equity loan products. The creditor does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The creditor is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out.

The answer is C. That financial institution must provide consumers the right to opt out of having their nonpublic personal information shared with nonaffiliated third parties (subject to significant exceptions, such as joint marketing agreements between other financial institutions, and processing of consumer transactions) but in any case, must provide a privacy notice to disclose this. There is no right of a consumer to be afforded an opportunity to opt-in under GLBA.

Consumers must opt-in before a financial institution may share financial information with a non-affiliated third party. A is right answer. Can someone confirm?