2006 Federal Register version

Document Sample
2006 Federal Register version Powered By Docstoc
					                                                                                                                                  Thursday,
                                                                                                                                  March 29, 2007




                                                                                                                                  Part III

                                                                                                                                  Department of the Treasury
                                                                                                                                  Office of the Comptroller of the
                                                                                                                                  Currency
                                                                                                                                  12 CFR Part 40

                                                                                                                                  Office of Thrift Supervision
                                                                                                                                  12 CFR Part 573

                                                                                                                                  Federal Reserve System
                                                                                                                                  12 CFR Part 216

                                                                                                                                  Federal Deposit Insurance
                                                                                                                                  Corporation
                                                                                                                                  12 CFR Part 332

                                                                                                                                  National Credit Union
                                                                                                                                  Administration
                                                                                                                                  12 CFR Part 716

                                                                                                                                  Federal Trade Commission
                                                                                                                                  16 CFR Part 313

                                                                                                                                  Commodity Futures Trading
                                                                                                                                  Commission
                                                                                                                                  17 CFR Part 160

                                                                                                                                  Securities and Exchange
                                                                                                                                  Commission
                                                                                                                                  17 CFR Part 248
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                  Interagency Proposal for Model Privacy
                                                                                                                                  Form Under the Gramm-Leach-Bliley Act;
                                                                                                                                  Proposed Rule

                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00001   Fmt 4737   Sfmt 4737   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14940                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            DEPARTMENT OF THE TREASURY                              National Credit Union Administration                  view public comments and to view
                                                                                                    (NCUA); Federal Trade Commission                      supporting and related materials for this
                                            Office of the Comptroller of the                        (FTC); Commodity Futures Trading                      notice of proposed rulemaking. The
                                            Currency                                                Commission (CFTC); and Securities and                 ‘‘User Tips’’ link at the top of the
                                                                                                    Exchange Commission (SEC).                            Regulations.gov home page provides
                                            12 CFR Part 40                                          ACTION: Proposed rule.                                information on using Regulations.gov,
                                            [Docket ID OCC–2007–0003]
                                                                                                                                                          including instructions for submitting or
                                                                                                    SUMMARY: The OCC, Board, FDIC, OTS,                   viewing public comments, viewing
                                            RIN 1557–AC80                                           NCUA, FTC, CFTC, and SEC (the                         other supporting and related materials,
                                                                                                    Agencies) are proposing amendments to                 and viewing the docket after the close
                                            FEDERAL RESERVE SYSTEM                                  their rules that implement the privacy                of the comment period.
                                                                                                    provisions of the Gramm-Leach-Bliley                     • Mail: Office of the Comptroller of
                                            12 CFR Part 216                                         Act (GLB Act), Title V, Subtitle A. These             the Currency, 250 E Street, SW., Mail
                                            [Docket No. R–1280]
                                                                                                    rules require financial institutions to               Stop 1–5, Washington, DC 20219.
                                                                                                    provide initial and annual privacy                       • Hand Delivery/Courier: 250 E
                                            FEDERAL DEPOSIT INSURANCE                               notices to their customers. As required               Street, SW., Attn: Public Information
                                            CORPORATION                                             under section 728 of the Financial                    Room, Mail Stop 1–5, Washington, DC
                                                                                                    Services Regulatory Relief Act of 2006                20219.
                                            12 CFR Part 332                                         (Regulatory Relief Act or Act), the
                                                                                                                                                             Instructions: You must include
                                                                                                    Agencies are proposing a safe harbor
                                            RIN 3064–AD16                                                                                                 ‘‘OCC’’ as the agency name and ‘‘Docket
                                                                                                    model privacy form that financial
                                                                                                                                                          Number OCC–2007–0003’’ in your
                                                                                                    institutions may use to provide
                                            DEPARTMENT OF THE TREASURY                                                                                    comment. In general, OCC will enter all
                                                                                                    disclosures under the privacy rules.
                                                                                                                                                          comments received into the docket and
                                                                                                    Institutions that use notices based on
                                            Office of Thrift Supervision                                                                                  publish them on Regulations.gov
                                                                                                    the Sample Clauses currently contained
                                                                                                                                                          without change, including any business
                                                                                                    in most of the privacy rules would lose
                                            12 CFR Part 573                                                                                               or personal information that you
                                                                                                    the benefit of a safe harbor for
                                                                                                                                                          provide such as name and address
                                            [Docket ID OTS–2007–0005]                               compliance with respect to those
                                                                                                                                                          information, e-mail addresses, or phone
                                                                                                    notices if they are provided more than
                                            RIN 1550–AC12                                                                                                 numbers. Comments, including
                                                                                                    one year following the date of
                                                                                                                                                          attachments and other supporting
                                            NATIONAL CREDIT UNION                                   publication of a final rule. Similarly,
                                                                                                                                                          materials, received are part of the public
                                            ADMINISTRATION                                          institutions that use notices based on
                                                                                                                                                          record and subject to public disclosure.
                                                                                                    the Sample Clauses in the SEC’s privacy
                                                                                                                                                          Do not enclose any information in your
                                            12 CFR Part 716                                         rule could no longer rely on the
                                                                                                                                                          comment or supporting materials that
                                                                                                    guidance provided with respect to those
                                                                                                                                                          you consider confidential or
                                            RIN 3133–AC84                                           notices if they are provided more than
                                                                                                                                                          inappropriate for public disclosure.
                                                                                                    one year following the date of
                                            FEDERAL TRADE COMMISSION                                publication of a final rule.                             You may review comments and other
                                                                                                                                                          related materials by any of the following
                                                                                                    DATES: Comments must be submitted on
                                            16 CFR Part 313                                                                                               methods:
                                                                                                    or before May 29, 2007.
                                                                                                       For information regarding the                         • Viewing Comments Electronically:
                                            [Project No. 034815]
                                                                                                    effective dates of the provisions                     Go to http://www.regulations.gov, select
                                            RIN 3084–AA94                                           proposed in this document, see the                    ‘‘Comptroller of the Currency’’ from the
                                                                                                    discussion under ‘‘Proposed Effective                 agency drop-down menu, then click
                                            COMMODITY FUTURES TRADING                                                                                     ‘‘Submit.’’ In the ‘‘Docket ID’’ column,
                                            COMMISSION                                              Dates’’ in the SUPPLEMENTARY
                                                                                                    INFORMATION section.                                  select ‘‘OCC–2007–0003’’ to view public
                                                                                                                                                          comments for this notice of proposed
                                            17 CFR Part 160                                         ADDRESSES: Because the Agencies will
                                                                                                                                                          rulemaking.
                                                                                                    jointly review all of the comments
                                            RIN 3038–AC04                                           submitted, interested parties may send                   • Viewing Comments Personally: You
                                                                                                    comments to any of the Agencies and                   may personally inspect and photocopy
                                            SECURITIES AND EXCHANGE                                 need not send comments (or copies) to                 comments at the OCC’s Public
                                            COMMISSION                                              all of the Agencies. Commenters are                   Information Room, 250 E Street, SW.,
                                                                                                    encouraged to use the title ‘‘Model                   Washington, DC. You can make an
                                            17 CFR Part 248                                         Privacy Form’’ to facilitate the                      appointment to inspect comments by
                                                                                                    organization and distribution of                      calling (202) 874–5043.
                                            [Release Nos. 34–55497, IA–2598, IC–27755;
                                            File No. S7–09–07]                                      comments among the Agencies.                             • Docket: You may also view or
                                                                                                    Interested parties are invited to submit              request available background
                                            RIN 3235–AJO6                                                                                                 documents and project summaries using
                                                                                                    written comments to:
                                                                                                       Office of the Comptroller of the                   the methods described above.
                                            Interagency Proposal for Model
                                                                                                    Currency: You may submit comments by                     Board of Governors of the Federal
                                            Privacy Form Under the Gramm-Leach-
                                                                                                    any of the following methods:                         Reserve System: You may submit
                                            Bliley Act
                                                                                                       • Federal eRulemaking Portal—                      comments, identified by Docket No. R–
rwilkins on PROD1PC63 with PROPOSALS




                                            AGENCIES: Office of the Comptroller of                  ‘‘Regulations.gov’’: Go to http://                    1280, by any of the following methods:
                                            the Currency, Treasury (OCC); Board of                  www.regulations.gov, select                              • Agency Web Site: http://
                                            Governors of the Federal Reserve                        ‘‘Comptroller of the Currency’’ from the              www.federalreserve.gov. Follow the
                                            System (Board); Federal Deposit                         agency drop-down menu, then click                     instructions for submitting comments at
                                            Insurance Corporation (FDIC); Office of                 ‘‘Submit.’’ In the ‘‘Docket ID’’ column,              http://www.federalreserve.gov/
                                            Thrift Supervision, Treasury (OTS);                     select ‘‘OCC–2007–0003’’ to submit or                 generalinfo/foia/ProposedRegs.cfm.


                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00002   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                  14941

                                               • Federal eRulemaking Portal: http://                agency drop-down menu, then click                        • Federal eRulemaking Portal: http://
                                            www.regulations.gov. Follow the                         submit. Select Docket ID ‘‘OTS–2007–                  www.regulations.gov. Follow the
                                            instructions for submitting comments.                   0005’’ to submit or view public                       instructions for submitting comments.
                                               • E-mail: regs.comments@                             comments and to view supporting and                      • NCUA Web Site: http://
                                            federalreserve.gov. Include docket                      related materials for this notice of                  www.ncua.gov/news/proposed_regs/
                                            number in the subject line of the                       proposed rulemaking. The ‘‘User Tips’’                proposed_regs.html. Follow the
                                            message.                                                link at the top of the page provides                  instructions for submitting comments.
                                               • Fax: 202/452–3819 or 202/452–                      information on using Regulations.gov,                    • E-mail: Address to
                                            3102.                                                   including instructions for submitting or              regcomments@ncua.gov. Include ‘‘[Your
                                               • Mail: Jennifer J. Johnson, Secretary,              viewing public comments, viewing                      name] Comments on Proposed Rule Part
                                            Board of Governors of the Federal                       other supporting and related materials,               716 (Model Form for Privacy Notice)’’ in
                                            Reserve System, 20th Street and                         and viewing the docket after the close                the e-mail subject line.
                                            Constitution Avenue, NW., Washington,                   of the comment period.                                   • Fax: (703) 518–6319. Use the
                                            DC 20551.                                                                                                     subject line described above for e-mail.
                                                                                                       • Mail: Regulation Comments, Chief                    • Mail: Address to Mary Rupp,
                                               All public comments are available
                                                                                                    Counsel’s Office, Office of Thrift                    Secretary of the Board, National Credit
                                            from the Board’s Web site at http://
                                                                                                    Supervision, 1700 G Street, NW.,                      Union Administration, 1775 Duke
                                            www.federalreserve.gov/generalinfo/
                                                                                                    Washington, DC 20552, Attention: OTS–                 Street, Alexandria, Virginia 22314–
                                            foia/ProposedRegs.cfm as submitted,
                                                                                                    2007–0005.                                            3428.
                                            unless modified for technical reasons.
                                            Accordingly, your comments will not be                     • Hand Delivery/Courier: Guard’s                      • Hand Delivery/Courier: Same as
                                            edited to remove any identifying or                     Desk, East Lobby Entrance, 1700 G                     mail address.
                                            contact information. Public comments                    Street, NW., from 9 a.m. to 4 p.m. on                    Federal Trade Commission: All
                                            may also be viewed electronically or in                 business days, Attention: Regulation                  persons are invited to submit written
                                            paper in Room MP–500 of the Board’s                     Comments, Chief Counsel’s Office,                     comments. Comments should refer to
                                            Martin Building (20th and C Streets,                    Attention: OTS–2007–0005.                             ‘‘Model Privacy Form, FTC File No.
                                            NW.,) between 9 a.m. and 5 p.m. on                         Instructions: All submissions received             P034815’’ to facilitate the organization
                                            weekdays.                                               must include the agency name and                      of comments. Comments filed in paper
                                               FDIC: You may submit comments by                     docket number for this rulemaking. All                form should include this reference both
                                            any of the following methods:                           comments received will be entered into                in the text and on the envelope, and
                                               Agency Web Site: http://                             the docket and posted on                              should be mailed or delivered to:
                                            www.fdic.gov/regulations/laws/federal.                  Regulations.gov without change,                       Federal Trade Commission/Office of the
                                            Follow instructions for submitting                      including any personal information                    Secretary, Room 135 (Annex C), 600
                                            comments on the Agency Web Site.                        provided. Comments, including                         Pennsylvania Avenue, NW.,
                                               E-mail: Comments@FDIC.gov. Include                   attachments and other supporting                      Washington, DC 20580. Because paper
                                            ‘‘Model Privacy Form’’ in the subject                   materials received are part of the public             mail in the Washington area and at the
                                            line of the message.                                    record and subject to public disclosure.              Commission is subject to delay, please
                                               Mail: Robert E. Feldman, Executive                   Do not enclose any information in your                consider submitting your comments in
                                            Secretary, Attention: Comments, Federal                 comment or supporting materials that                  electronic form, as prescribed below. If
                                            Deposit Insurance Corporation, 550 17th                 you consider confidential or                          the comment contains any material for
                                            Street, NW., Washington, DC 20429.                      inappropriate for public disclosure.                  which confidential treatment is
                                               Hand Delivery/Courier: Guard station                                                                       requested, it must be filed in paper
                                                                                                       Viewing Comments Electronically: Go                (rather than electronic) form, and the
                                            at the rear of the 550 17th Street                      to http://www.regulations.gov, select
                                            Building (located on F Street) on                                                                             first page of the document must be
                                                                                                    ‘‘Office of Thrift Supervision’’ from the             clearly labeled ‘‘Confidential.’’ 1 The
                                            business days between 7 a.m. and 5 p.m.                 agency drop-down menu, then click
                                            (EST).                                                                                                        FTC is requesting that any comment
                                                                                                    ‘‘Submit.’’ Select Docket ID ‘‘OTS–                   filed in paper form be sent by courier or
                                               Federal eRulemaking Portal: http://                  2007–0005’’ to view public comments
                                            www.regulations.gov. Follow the                                                                               overnight service, if possible.
                                                                                                    for this notice of proposed rulemaking.                  Comments filed in electronic form
                                            instructions for submitting comments.
                                               Public Inspection: All comments                         Viewing Comments On-Site: You may                  should be submitted by using the
                                            received will be posted without change                  inspect comments at the Public Reading                following Web link: https://
                                            to http://www.fdic.gov/regulations/laws/                Room, 1700 G Street, NW., by                          secure.commentworks.com/ftc-
                                            federal including any personal                          appointment. To make an appointment                   modelform (and following the
                                            information provided. Comments may                      for access, call (202) 906–5922, send an              instructions on the Web-based form). To
                                            be inspected and photocopied in the                     e-mail to public.info@ots.treas.gov, or               ensure that the Commission considers
                                            FDIC Public Information Center, 3501                    send a facsimile transmission to (202)                an electronic comment, you must file it
                                            North Fairfax Drive, Room E–1002,                       906–6518. (Prior notice identifying the               on the Web-based form at the Web link
                                            Arlington, VA 22226, between 9 a.m.                     materials you will be requesting will                 https://secure.commentworks.com/ftc-
                                            and 5 p.m. (EST) on business days.                      assist us in serving you.) We schedule                modelform. If this notice appears at
                                            Paper copies of public comments may                     appointments on business days between                 www.regulations.gov, you may also file
                                            be ordered from the Public Information                  10 a.m. and 4 p.m. In most cases,                     an electronic comment through that
                                            Center by telephone at (877) 275–3342                   appointments will be available the next
                                            or (703) 562–2200.                                      business day following the date we                      1 Commission Rule 4.2(d), 16 CFR 4.2(d). The

                                                                                                    receive a request.                                    comment must also be accompanied by an explicit
                                               Office of Thrift Supervision: You may
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                          request for confidential treatment, including the
                                            submit comments, identified by OTS–                        National Credit Union                              factual and legal basis for the request, and must
                                            2007–0005, by any of the following                      Administration: Comments should be                    identify the specific portions of the comment to be
                                            methods:                                                directed to Mary Rupp, Secretary of the               withheld from the public record. The request will
                                                                                                                                                          be granted or denied by the Commission’s General
                                               • Federal eRulemaking Portal: Go to                  Board. You may submit comments by                     Counsel, consistent with applicable law and the
                                            http://www.regulations.gov, select                      any of the following methods (Please                  public interest. See Commission Rule 4.9(c), 16 CFR
                                            ‘‘Office of Thrift Supervision’’ from the               send comments by one method only):                    4.9(c).



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00003   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14942                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            Web site. The Commission will consider                  100 F Street, NE., Washington, DC                     Administration, 1775 Duke Street,
                                            all comments that www.regulations.gov                   20549–1090.                                           Alexandria, Virginia 22314–3428.
                                            forwards to it.2 The FTC Act and other                  All submissions should refer to File                    FTC: Loretta Garrison, Senior
                                            laws the Commission administers                         Number S7–09–07 and ‘‘Model Privacy                   Attorney, Division of Privacy and
                                            permit the collection of public                         Form.’’ This file number should be                    Identity Protection, Bureau of Consumer
                                            comments to consider and use in this                    included on the subject line if e-mail is             Protection, (202) 326–3043, Federal
                                            proceeding as appropriate. All timely                   used. To help us process and review                   Trade Commission, 600 Pennsylvania
                                            and responsive public comments with                     your comments more efficiently, please                Avenue, NW., Stop NJ–3158,
                                            all required fields completed, whether                  use only one method. The Commission                   Washington, DC 20580.
                                            filed in paper or electronic form, will be              will post all comments on the                           CFTC: Laura Richards, Senior
                                            considered by the Commission, and will                  Commission’s Internet Web site (http://               Assistant General Counsel, (202) 418–
                                            be available to the public on the FTC                   www.sec.gov/rules/proposed.shtml).                    5126, or Gail B. Scott, Attorney, Office
                                            Web site, to the extent practicable, at                 Comments are also available for public                of General Counsel, (202) 418–5139,
                                            http://www.ftc.gov. As a matter of                      inspection and copying in the                         Commodity Futures Trading
                                            discretion, the Commission makes every                  Commission’s Public Reference Room,                   Commission, Three Lafayette Centre,
                                            effort to remove home contact                           100 F Street, NE., Washington, DC                     1155 21st Street, NW., Washington, DC
                                            information for individuals it receives                 20549. All comments received will be                  20581.
                                            from the public comments before                         posted without change; we do not edit
                                            placing those comments on the FTC                                                                               SEC: Catherine McGuire, Chief
                                                                                                    personal identifying information from                 Counsel, or Brice Prince, Special
                                            Web site. More information, including                   submissions. You should submit only
                                            routine uses permitted by the Privacy                                                                         Counsel, Office of the Chief Counsel,
                                                                                                    information that you wish to make                     Division of Market Regulation, (202)
                                            Act, may be found in the FTC’s privacy                  available publicly.
                                            policy, at http://www.ftc.gov/ftc/                                                                            551–5550; or Penelope Saltzman,
                                            privacy.htm.                                            FOR FURTHER INFORMATION CONTACT:                      Branch Chief, or Vincent Meehan,
                                               Commodity Futures Trading                            OCC: Amy Friend, Assistant Chief                      Senior Counsel, Office of Regulatory
                                            Commission: Comments should be                          Counsel, (202) 874–5200; Heidi Thomas,                Policy, Division of Investment
                                            directed to Eileen Donovan, Acting                      Special Counsel, Jonathan Mitchell,                   Management, (202) 551–6792, Securities
                                            Secretary of the Commission,                            Attorney, Legislative and Regulatory                  and Exchange Commission, 100 F
                                            Commodity Futures Trading                               Activities Division, (202) 874–5090;                  Street, NE., Washington, DC 20549.
                                            Commission, Three Lafayette Centre,                     David H. Nebhut, Director, Policy
                                                                                                                                                          SUPPLEMENTARY INFORMATION:      The
                                            1155 21st Street, NW., Washington, DC                   Analysis, (202) 874–5387; or Paul
                                                                                                                                                          Agencies are proposing amendments to
                                            20581. Comments may be sent by                          Utterback, NBE Compliance Specialist,
                                                                                                                                                          each of their rules (which are consistent
                                            facsimile transmission to (202) 418–                    (202) 874–4428, Office of the
                                                                                                                                                          and comparable) that implement the
                                            5528 or by e-mail to secretary@cftc.gov.                Comptroller of the Currency, 250 E
                                                                                                                                                          privacy provisions of the GLB Act: 12
                                               Securities and Exchange Commission:                  Street, SW., Washington, DC 20219.
                                                                                                                                                          CFR part 40 (OCC); 12 CFR part 216
                                            Comments may be submitted by any of                       Board: Adrianne Threatt, Counsel,                   (Board); 12 CFR part 332 (FDIC); 12 CFR
                                            the following methods:                                  Legal Division, (202) 452–3554; Jeanne                part 573 (OTS); 12 CFR part 716
                                                                                                    Hogarth, Consumer Policies Program                    (NCUA); 16 CFR part 313 (FTC); 17 CFR
                                            Electronic Comments                                     Manager, or Krista Ayoub, Senior                      part 160 (CFTC); and 17 CFR part 248
                                              • Use the Commission’s Internet                       Attorney, or Ky Tran-Trong, Counsel,                  (SEC) (collectively, the ‘‘privacy rule’’).3
                                            comment form (http://www.sec.gov/                       Division of Consumer and Community
                                            rules/proposed.shtml); or                               Affairs, (202) 452–3667; or Michelle E.               I. Background
                                              • Send an e-mail to rule-                             Shore, Federal Reserve Board Clearance
                                                                                                                                                             The Regulatory Relief Act was
                                            comments@sec.gov. Please include File                   Officer, (202) 452–3829 (for Paperwork
                                                                                                                                                          enacted on October 13, 2006.4 Section
                                            Number S7–09–07 and ‘‘Model Privacy                     Reduction Act questions only), Board of
                                                                                                                                                          728 of the Act directs the Agencies to
                                            Form’’ on the subject line; or                          Governors of the Federal Reserve
                                                                                                                                                          ‘‘jointly develop a model form which
                                              • Use the Federal eRulemaking Portal                  System, 20th Street and Constitution
                                                                                                                                                          may be used, at the option of the
                                            (http://www.regulations.gov). Follow the                Avenue, NW., Washington, DC 20551.
                                                                                                                                                          financial institution, for the provision of
                                            instructions for submitting comments.                     FDIC: David P. Lafleur, Senior Policy               disclosures under [section 503 of the
                                                                                                    Analyst, Compliance Section, Division                 GLB Act].’’ 5 The Regulatory Relief Act
                                            Paper Comments                                          of Supervision and Consumer                           stipulates that the model form shall be
                                              • Send paper comments in triplicate                   Protection, (202) 898–6569; or Ruth R.                a safe harbor for financial institutions
                                            to Nancy M. Morris, Secretary,                          Amberg, Senior Counsel, (202) 898–
                                            Securities and Exchange Commission,                     3736, or Kimberly A. Stock, Attorney,                    3 Because each Agency’s privacy rule has the
                                                                                                    (202) 898–3815, Legal Division; Federal               same section numbers, relevant sections will be
                                               2 An electronic comment can be filed by (1)          Deposit Insurance Corporation, 550 17th               cited, for example, as ‘‘section l.6’’ unless
                                            clicking on http://www.regulations.gov; (2) selecting   Street, NW., Washington, DC 20429.                    otherwise noted.
                                                                                                                                                             4 Pub. L. 109–351 (Oct. 13, 2006), 120 Stat. 1966.
                                            ‘‘Federal Trade Commission’’ at ‘‘Search for Open         OTS: Ekita Mitchell, Consumer
                                            Regulations;’’ (3) locating the summary of this                                                                  5 Id., adding 15 U.S.C. 6803(e). Section 728 of the

                                            notice; (4) clicking on ‘‘Submit a Comment on this      Regulations Analyst, Examinations,                    Regulatory Relief Act directs the agencies named in
                                            Regulation;’’ and (5) completing the form. For a        Supervision, and Consumer Protection,                 Section 504(a)(1) of the GLB Act, 15 U.S.C.
                                            given electronic comment, any information placed        (202) 906–6451; or Richard Bennett,                   6804(a)(1), to develop a model form. The CFTC,
                                            in the following fields—‘‘Title,’’ ‘‘First Name,’’      Counsel, Regulations and Legislation                  which did not become subject to Title V of the GLB
rwilkins on PROD1PC63 with PROPOSALS




                                            ‘‘Last Name,’’ ‘‘Organization Name,’’ ‘‘State,’’                                                              Act until 2000, is not named in that section. The
                                            ‘‘Comment,’’ and ‘‘Attachment’’—will be publicly        Division, (202) 906–7409, 1700 G Street,              Commodity Exchange Act (‘‘CEA’’) was amended in
                                            available on the FTC Web site. The fields marked        NW., Washington, DC 20552.                            2000 by the Commodity Futures Modernization Act
                                            with an asterisk on the form are required in order        NCUA: Regina Metz, Staff Attorney,                  of 2000 to make the CFTC a ‘‘federal functional
                                            for the FTC to fully consider a particular comment.                                                           regulator’’ subject to the GLB Act Title V. See
                                            Commenters may choose not to fill in one or more
                                                                                                    (703) 518–6561, or Ross Kendall, Staff                Section 5g of the CEA, 7 U.S.C. 7b–2. The CFTC
                                            of these fields, but if they do so, their comments      Attorney, Office of General Counsel,                  interprets Section 728 of the Regulatory Relief Act
                                            may not be considered.                                  (703) 518–6562, National Credit Union                 as applying to it through Section 5g.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00004   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                    Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                   14943

                                            that elect to use it. Section 728 further                a consumer to opt out of certain                       institutions may use in privacy notices
                                            directs that the model form shall:                       information sharing among affiliates.11                to satisfy the privacy rule.
                                               (A) Be comprehensible to consumers,                      The privacy rule requires a financial                  Financial institutions first were
                                            with a clear format and design;                          institution to provide a privacy notice to             required to distribute privacy notices to
                                                                                                     its customers no later than when a                     their customers by July 1, 2001.13 Many
                                               (B) Provide for clear and conspicuous                                                                        privacy notices in the initial effort were
                                                                                                     customer relationship is formed and
                                            disclosures;                                                                                                    long and complex. In addition, because
                                                                                                     annually for as long as the relationship
                                               (C) Enable consumers easily to                        continues. The notice must accurately                  the privacy rule allows institutions
                                            identify the sharing practices of a                      reflect the institution’s information                  flexibility in designing their privacy
                                            financial institution and to compare                     collection and disclosure practices and                notices, notices have been formatted in
                                            privacy practices among financial                        must include specific information.                     various ways and as a result have been
                                            institutions; and                                        Section l.6 of the privacy rule requires               difficult to compare, even among
                                               (D) Be succinct, and use an easily                    the privacy notice to include the                      financial institutions with identical
                                            readable type font.                                      following:                                             privacy policies.
                                                                                                        (1) The categories of nonpublic                        In response to broad-based concerns
                                               The Agencies are required to propose
                                                                                                     personal information that the institution              expressed by representatives of financial
                                            a model form for public comment by
                                                                                                     collects;                                              institutions, consumers, privacy
                                            April 11, 2007.
                                                                                                        (2) With respect to both current and                advocates, and members of Congress,
                                            A. The Gramm-Leach-Bliley Act Privacy                    former customers, the categories of                    the Agencies conducted a workshop in
                                            Notices                                                  nonpublic personal information that it                 December 2001 to provide a forum to
                                                                                                     discloses and the categories of affiliates             consider how financial institutions
                                               Subtitle A of title V of the GLB Act,                                                                        could provide more useful privacy
                                            captioned Disclosure of Nonpublic                        and nonaffiliated third parties to whom
                                                                                                     it discloses such information other than               notices to consumers.14 The workshop
                                            Personal Information,6 requires each                                                                            featured panel presentations by
                                            financial institution to provide a notice                as permitted by the exceptions in
                                                                                                     sections l.14 and l.15;                                financial institutions, consumer
                                            of its privacy policies and practices to                                                                        advocates, and communications experts,
                                            its customers who are consumers.7 In                        (3) Where the institution relies on the
                                                                                                     exception in section l.13 to share                     and highlighted key communication
                                            general, the privacy notices must                                                                               principles to improve the notices. A
                                            describe a financial institution’s policies              nonpublic personal information
                                                                                                     (pertaining to joint marketing), the                   number of institutions, particularly
                                            and practices with respect to disclosing                                                                        those with complex information-sharing
                                            nonpublic personal information about a                   categories of information disclosed, and
                                                                                                     the categories of third parties with                   practices, described the challenges they
                                            consumer to both affiliated and                                                                                 faced in explaining their practices and
                                            nonaffiliated third parties.8 The notices                which the institution has contracted;
                                                                                                        (4) Where applicable, an explanation                the choices available to consumers in a
                                            also must provide a consumer a                                                                                  simple fashion while meeting all of the
                                                                                                     of the consumer’s right under section
                                            reasonable opportunity to direct the                                                                            legal requirements for notice. Some
                                                                                                     l.10(a) to opt out of the disclosure of
                                            institution generally not to share                                                                              institutions described results of
                                                                                                     nonpublic personal information to
                                            nonpublic personal information 9 about                                                                          consumer testing and their efforts to
                                                                                                     nonaffiliated third parties and the
                                            the consumer (that is, to ‘‘opt out’’) with                                                                     make privacy notices clearer and more
                                                                                                     methods by which the consumer may
                                            nonaffiliated third parties other than as                                                                       useful to consumers.
                                                                                                     opt out;
                                            permitted by the statute (for example,                                                                             On December 30, 2003, the Agencies
                                                                                                        (5) Disclosures made under section
                                            sharing for everyday business purposes,                                                                         published an Advance Notice of
                                                                                                     603(d)(2)(A)(iii) of the FCRA (pertaining
                                            such as processing transactions and                                                                             Proposed Rulemaking to Consider
                                                                                                     to the ability to opt out of certain
                                            maintaining customers’ accounts, and in                                                                         Alternative Forms of Privacy Notices
                                                                                                     sharing with affiliates) and the
                                            response to properly executed                                                                                   under the Gramm-Leach-Bliley Act 15
                                                                                                     applicable opt-out notice;
                                            governmental requests).10 The privacy                                                                           (ANPR) to solicit comment on a wide
                                                                                                        (6) The institution’s policies and
                                            notice must provide, where applicable                                                                           range of issues related to improving
                                                                                                     practices with respect to protecting the
                                            under the Fair Credit Reporting Act                                                                             privacy notices. The Agencies sought,
                                                                                                     confidentiality and security of
                                            (FCRA), a notice and an opportunity for                                                                         for example, comment on issues
                                                                                                     nonpublic personal information; and
                                                                                                                                                            associated with the format, elements,
                                                                                                        (7) Where applicable, a statement that
                                              6 Codified  at 15 U.S.C. 6801–6809.                                                                           and language used in privacy notices
                                                                                                     the institution discloses nonpublic
                                              7 15  U.S.C. 6803(a). A ‘‘customer’’ means a                                                                  that would make the notices more
                                            consumer who has a ‘‘customer relationship with a        personal information to nonaffiliated
                                                                                                                                                            accessible, readable, and useful, and
                                            financial institution.’’ Privacy rule, section l.3(h),   third parties pursuant to the section
                                                                                                                                                            whether to develop a model privacy
                                            SEC section 248.3(j), CFTC section 160.3(k). A           l.14 and l.15 exceptions.
                                            ‘‘consumer’’ is ‘‘an individual who obtains, from a                                                             notice that would be short and simple.
                                                                                                        The privacy rule does not prescribe
                                            financial institution, financial products or services                                                           The Agencies also solicited examples of
                                            which are to be used primarily for personal, family,     any specific format or standardized
                                            or household purposes, and also means the legal          wording for these notices. Instead,                       13 The CFTC was added by Section 5g of the
                                            representative of such an individual.’’ 15 U.S.C.        institutions may design their own                      Commodity Exchange Act, 7 U.S.C. 7b-2 (as
                                            6809(9); privacy rule, section l.3(e), SEC section       notices based on their individual                      amended by the Commodity Futures Modernization
                                            248.3(g)(1), CFTC section 160.3(h)(1).                                                                          Act of 2000), on December 21, 2000, and privacy
                                               8 15 U.S.C. 6803(a)–(c).
                                                                                                     practices provided they comply with the
                                                                                                                                                            notices were required to be delivered to consumers
                                               9 15 U.S.C. 6809(4). ‘‘Nonpublic personal             law and meet the ‘‘clear and                           by March 31, 2002.
                                            information’’ is generally defined as personally         conspicuous’’ standard in the statute                     14 Get Noticed: Writing Effective Financial
                                            identifiable financial information provided by a         and the privacy rule.12 The Appendix to                Privacy Notices, Interagency Public Workshop (Dec.
                                            consumer to a financial institution, resulting from
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                     the privacy rule contains model                        4, 2001), workshop transcripts and other supporting
                                            any transaction or any service performed for the                                                                documents are available at http://www.ftc.gov/bcp/
                                            consumer, or otherwise obtained by the financial         language (Sample Clauses) that                         workshops/glb/index.html.
                                            institution. See privacy rule, sections l.3(n) and                                                                 15 See Interagency Proposal to Consider
                                            (o), SEC sections 248.3(t) and (u), CFTC sections          11 15 U.S.C. 1681a(d)(2)(A)(iii) (FCRA); 15 U.S.C.
                                                                                                                                                            Alternative Forms of Privacy Notices Under the
                                            160.3(t) and (u).                                        6803(c)(4) (GLB Act).                                  Gramm-Leach-Bliley Act, 68 FR 75164 (Dec. 30,
                                               10 15 U.S.C. 6802; privacy rule, sections l.14 and      12 15 U.S.C. 6802, 6803; privacy rule, section       2003), available at http://www.ftc.gov/os/2003/12/
                                            l.15.                                                    l.3(b), SEC 248.3(c).                                  031223anprfinalglbnotices.pdf.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00005   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM    29MRP2
                                            14944                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            forms, model clauses, and other                         designing a privacy notice that                        proposed model form will be effective
                                            information, such as applicable research                consumers could understand and use,                    upon publication of the final rule in
                                            that has been conducted in this area.                   that facilitated comparison of sharing                 order to permit institutions that elect to
                                            The ANPR stated that the Agencies                       practices and policies across privacy                  use the form to do so immediately. The
                                            expected that consumer testing would                    notices, and that addressed all relevant               Agencies recognize that institutions may
                                            be a key component in the development                   legal requirements of the GLB Act and                  post their privacy notices on their
                                            of any specific proposals.                              FCRA. At the outset of the research, the               Internet sites, as well as deliver paper or
                                              During January and February 2004,                     Agencies considered a range of possible                email versions to their customers. The
                                            the Agencies met with a number of                       options for the notice, including a short              Agencies contemplate that institutions
                                            interested groups and individuals to                    notice, a layered approach (highlighting               that post a pdf version of the proposed
                                            discuss the issues raised in the ANPR.16                key information upfront), as well as a                 model privacy form may obtain a safe
                                            The Agencies received forty-four                        longer fully-compliant notice. The                     harbor, but are requesting comment on
                                            comments in response to the ANPR.17                     Agencies limited the project to paper-                 whether to develop a Web-based design
                                            While commenters expressed a variety                    based notices, reasoning that a                        for financial institutions to use on their
                                            of views on the questions posed in the                  successful paper notice could be readily               Internet sites, including comment on
                                            ANPR, many commenters agreed that                       adapted to another medium such as the                  particular design and/or technical
                                            the Agencies should conduct consumer                    Internet. The Agencies used a readable                 considerations.
                                            testing before proposing any alternative                font 20 and, in order not to confound the                The Agencies believe that the
                                            privacy notice.                                         research findings on comprehension by                  proposed model form meets all the
                                            B. The Interagency Notice Project                       introducing too many variables into the                requirements of the Act and is easier to
                                                                                                    test notice, expressly did not use color,              understand than most privacy notices
                                               In the summer of 2004, six Agencies 18               logos, or other graphical designs in the               currently being disseminated. The
                                            agreed to launch a project to fund                      test notices. Instead, the Agencies                    following section describes the
                                            consumer research (Notice Project).                     focused on formulating and testing                     proposed model form and highlights
                                            Their goals were to identify barriers to                content that consumers could                           some key research findings. For more
                                            consumer understanding of current                       understand and use in order to develop                 detailed information on the research
                                            privacy notices and to develop an                       a short, simplified privacy notice that                methodology and the form development
                                            alternative privacy notice, or elements                 met the research objectives.                           process, commenters are encouraged to
                                            of a notice, that consumers could more                     The form development phase                          review the full Kleimann Report. The
                                            easily use and understand compared to                   culminated in an extensive research                    Agencies also are proposing instructions
                                            current notices. When the Agencies                      report released by the Agencies in                     on how institutions may obtain a safe
                                            initiated this project, they contemplated               March 2006. Prepared by Kleimann,                      harbor by using the proposed model
                                            conducting the consumer research in                     ‘‘Evolution of a Prototype Financial                   form, including an explanation of
                                            two sequential phases. The first phase                  Privacy Notice,’’ details the process by               aspects of the form that may and may
                                            was designed as qualitative testing, that               which the Agencies and Kleimann                        not be varied.22 Institutions would not
                                            is, form development research. This                     developed an alternative privacy                       be able to vary content or format, other
                                            research involved a series of in-depth                  notice.21 As explained more fully in the               than as described in this proposal, to
                                            individual consumer interviews to                       Kleimann Report, over a one-year                       take advantage of the safe harbor.
                                            develop an alternative privacy notice                   period, Kleimann conducted two focus                   Moreover, institutions would not be
                                            that would be easier for consumers to                   groups followed by a series of 46 in-
                                            use and understand. The second phase                                                                           able to include any other information in
                                                                                                    depth, individual interviews, conducted                the proposed model form nor
                                            was designed as quantitative testing, to                sequentially at seven sites around the
                                            test the effectiveness of the alternative                                                                      incorporate this model form into any
                                                                                                    country. The interviews tested                         other document.
                                            privacy notice developed in phase one                   consumers on their ability to
                                            among a larger number of consumers.                     comprehend, use, and compare notices                   II. The Proposed Model Form
                                            The first phase has been completed and                  based on variations in vocabulary,
                                            resulted in the model notice we are                                                                            A. The Structure
                                                                                                    ordering of content, and format. The
                                            proposing for comment today. The                        structure, content, ordering of the text                 The proposed model form has either
                                            Agencies expect to conduct the second                   information, and title of the proposed                 two or three pages, depending on
                                            phase of testing after receipt of                       model form all reflect the research                    whether the financial institution
                                            comments in response to this                            findings in the qualitative consumer                   provides an opt-out. While the research
                                            proposal.19                                             testing.                                               showed that page one alone was
                                               In September 2004, the six Agencies                     The Agencies now are proposing the                  adequate for comprehension and
                                            selected Kleimann Communication                         model privacy notice produced in the                   usability, page one together with page
                                            Group, Inc. (Kleimann) as their                         form development phase with some                       two address the legal requirements of
                                            contractor for the phase one form                       minor revisions (the proposed model                    applicable Federal financial privacy
                                            development research. The research                      form) for comment in accordance with                   laws and increase consumer
                                            objectives of the Notice Project included               the Regulatory Relief Act. The Agencies                comprehension. Each of the pages of the
                                                                                                    contemplate that the safe harbor for the               model form is printed separately and
                                               16 Summaries of the outside meetings are

                                            available at http://www.ftc.gov/privacy/                  20 The text of the prototype notice is in 10 point      22 While the model form would provide a safe
                                            privacyinitiatives/financial_rule_inrp.html.            BK Avenir Book font.                                   harbor, institutions could continue to use other
                                               17 Public comments to the ANPR are available at
                                                                                                      21 See Kleimann Communication Group, Inc.,           types of notices that vary from the model form so
                                            http://www.ftc.gov/privacy/privacyinitiatives/
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                    Evolution of a Prototype Financial Privacy Notice:     long as these notices comply with the privacy rule.
                                            financial_rule_inrp.html.                               A Report on the Form Development Project (Feb.         For example, an institution could continue to use
                                               18 The six Agencies are the Board, FDIC, FTC,
                                                                                                    28, 2006) (Kleimann Report). For a copy of the full    a simplified notice as described in section l.6(c)(5)
                                            NCUA, OCC, and SEC. Information related to the          report, go to http://www.ftc.gov/privacy/              (NCUA 716.6(e)(5)) of the privacy rule if it does not
                                            Notice Project can be found at http://www.ftc.gov/      privacyinitiatives/ftcfinalreport060228.pdf. For the   have affiliates and does not intend to share
                                            privacy/privacyinitiatives/financial_rule_inrp.html.    executive summary, go to http://www.ftc.gov/           nonpublic personal information with nonaffiliated
                                               19 OTS has joined the Notice Project for the phase   privacy/privacyinitiatives/                            third parties outside of the exceptions provided in
                                            two research.                                           FTCFinalReportExecutiveSummary.pdf.                    sections l.14 and l.15.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00006   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                      14945

                                            only on one side of an 8.5 by 11 inch                   that each institution complete the                       since Mars does not share in a way that
                                            piece of paper because, during testing,                 responses in each of the boxes provided                  triggers an opt-out, the opt-out form
                                            consumers expressed a preference for                    in a manner that accurately reflects its                 (page 3 of the proposed model form) is
                                            the model which allowed them to view                    information sharing policies and                         not required and so is not included in
                                            the information on pages one and two                    practices.                                               the Mars notice. Thus, not every
                                            side-by-side.23 The proposed model                         Below is one example of a completed                   institution subject to the privacy rule
                                            form in Appendix A is designed to be                    model form for a fictional financial                     will have to provide page three of the
                                            customized by each financial institution                institution, Neptune, whose privacy                      model form; only those institutions
                                            that elects to use it by inserting, for                 policy provides for broad sharing in a                   whose privacy practices require delivery
                                            example, the institution’s name, contact                manner that triggers consumer opt-out                    of an opt-out notice or those institutions
                                            information, and information about                      rights. For comparison, a second                         that choose to provide opt-outs beyond
                                            affiliates, nonaffiliates, or joint                     example is also provided for another                     those required by law.
                                            marketing partners, if any, with which                  fictional institution, Mars, whose
                                            it shares personal information. In                      privacy policy limits sharing and does                   policies without adequately informing consumers
                                            addition, the disclosure table requires                 not trigger consumer opt-out rights.                     about such changes. A few consumers suggested
                                                                                                    Each of these institutions uses and                      that, at a minimum, the notices should be dated to
                                                                                                    shares personal information in different                 reflect the most recent revision so consumers would
                                              23 The proposed model form has the opt-out
                                                                                                                                                             know when the notice was last changed and could
                                            options and instructions on a separate page. Staff      ways; thus, their responses in the
                                                                                                                                                             more easily identify the most recent policy
                                            of certain of the Agencies issued Frequently Asked      disclosure table vary, as do the                         statement. Changes to an institution’s policy may be
                                            Questions in December 2001 (Privacy FAQs),              descriptions of their affiliates,
                                            stating that a consumer should be able to detach a                                                               reflected in a revised notice under section l.8 of
                                            mail-in opt-out form from a privacy notice without
                                                                                                    nonaffiliates, or joint marketing partners               the privacy rule or in an annual notice. Some
                                            removing text from the privacy policy. Otherwise,       in the definition section.24 Importantly,                institutions highlight changes to their privacy
                                            the institution may violate section l.9(e) of the                                                                notices in some distinctive way, so that consumers
                                            privacy rule, which requires that a privacy policy         24 The Agencies understand that many consumers        can readily identify the change. As discussed later
                                            must be provided in such a way that a customer can      are not familiar with institutions’ information          in Section V, the Agencies invite comment on
                                            retain the text of the notices or obtain them later.    sharing practices. During the Notice Project’s initial   whether financial institutions should be required to
                                            See F.4 of the Privacy FAQs, available at http://       research, some consumers expressed concern about         alert consumers to changes in an institution’s
                                            www.ftc.gov/privacy/glbact/glb-faq.htm.                 financial institutions changing their practices and
                                                                                                                                                             privacy practices as part of the proposed model
                                                                                                                                                             form.
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00007   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM     29MRP2
                                            14946                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            Example 1. Neptune Model Privacy
                                            Form
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.000</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00008   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14947
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.001</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00009   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14948                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.002</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00010   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14949

                                            Example 2. Mars Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.003</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00011   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14950                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.004</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00012   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                     Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                             14951

                                            Example 3. Illustration of Type Size for
                                            the Various Elements of the Model
                                            Form 25




                                            B. Page One—Background Information                         frame,’’ which provides context to help               and whether the consumer can opt out
                                            and the Disclosure Table                                   the consumer better understand the                    of any type of the institution’s sharing;
                                                                                                       required disclosures; (3) a table that                and (4) the institution’s contact
                                              Page one of the proposed model form                      describes the types of sharing Federal                information.
rwilkins on PROD1PC63 with PROPOSALS




                                            has four parts: (1) The title; (2) an                      law allows, which of those types of                      The research showed that the title,
                                            introductory section called the ‘‘key                      sharing the institution actually does,                ‘‘FACTS What Does [name of financial
                                                                                                                                                                                                         EP29MR07.005</GPH>




                                               25 See infra note and accompanying text. This

                                            illustration displays the font sizes of the various
                                            elements in the model form.

                                       VerDate Aug<31>2005    19:04 Mar 28, 2007   Jkt 211001     PO 00000   Frm 00013   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14952                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            institution] Do With Your Personal                      had to limit any of that sharing, and                   institution-specific information lies in
                                            Information,’’ is more likely to catch                  easily compare these practices and                      the answers to the questions within
                                            consumers’ attention so they will read                  choices among institutions. The                         each of the boxes. Accordingly, even if
                                            the notice. The title can be used by all                Agencies asked Kleimann to develop                      a financial institution does not share for
                                            institutions regardless of their                        and test a ‘‘prose’’ version describing                 one of the reasons listed in the table (for
                                            information sharing practices.                          information sharing practices since such                example, it has no affiliates and
                                               The ‘‘key frame,’’ with its three short              a format would be more comparable to                    therefore does not share with affiliates),
                                            headings—Why, What, and How—is                          notices currently used by financial                     the institution could not exclude that
                                            included because the research showed                    institutions. However, the research                     reason from the table, but would answer
                                            that, unless consumers have some basic                  found that the table design of the                      ‘‘No’’ under ‘‘Does [name of financial
                                            facts about information sharing, they are               proposed model form outperformed the                    institution] share?’’
                                            less likely to understand why they are                  prose design on a variety of measures,                     The language used in the disclosure
                                            receiving a privacy notice and what to                  including comprehension,                                table is based on Kleimann’s research.
                                            do with one. The ‘‘Why’’ box tells                      comparability, and usability.28                         The simplified phrases describing
                                            consumers that Federal law requires                        The disclosure table includes a                      information sharing practices were
                                            that the financial institution send the                 description of the possible types of                    continually refined through the
                                            notice. The ‘‘What’’ box explains the                   sharing and uses of personal                            consumer testing process to allow
                                            types of personal information financial                 information and the associated opt-out                  consumers to better understand the
                                            institutions collect and share.26 The                   choices that must be disclosed. The opt-                information sharing and use
                                            ‘‘How’’ box explains that some                          out disclosures are required under: (1)                 possibilities. The laws governing the
                                            information sharing is necessary for all                Section 502(b) of the GLB Act (regarding                disclosure of consumers’ personal
                                            institutions in order to provide the                    certain sharing with nonaffiliated third                information are not easily translated
                                            products and services that consumers                    parties); (2) section 603(d)(2)(A) of the               into short, comprehensible phrases that
                                            request. It also briefly explains what                  FCRA (regarding sharing of                              are also legally precise. Thus, the table
                                            information consumers will find in the                  creditworthiness and credit report                      in some cases uses more easily
                                            disclosure table below. The research                    information among affiliates); and (3)                  understandable short-hand terms to
                                            found that these particular headings and                section 624 of the FCRA, as added by                    describe sharing practices required to be
                                            the bulleted explanations enhanced                      section 214 of the Fair and Accurate                    in the notice. For example, the table
                                            consumers’ understanding of the                         Credit Transactions Act of 2003 (Fact                   uses the term ‘‘everyday business
                                            purpose of the notice, enabled them to                  Act), 15 U.S.C. 1681s–3 (use of that                    purposes’’ to describe the sharing
                                            make an informed decision about the                     information for marketing).29 The table                 contemplated by the exceptions in
                                            use of their personal information, and                  provides important context about what                   sections l.14 and l.15 of the privacy
                                            aided their overall comprehension.                      information sharing a financial                         rule, which does not trigger opt-out
                                               The disclosure table at the bottom of                institution actually does relative to what              rights. The research found that
                                            page one provides information about the                 it could do. The research showed that                   consumers understood that ‘‘everyday
                                            financial institution’s sharing practices.              the table, with its standardized content,               business purposes’’ means that
                                            The research found that this table is the               facilitates easy comparison of                          companies must share in some basic
                                            ‘‘heart’’ of the proposed model form,                   information sharing practices among                     ways in order to provide the financial
                                            ‘‘enabl[ing] consumers to understand                    different institutions. The structure of                products or services that consumers
                                            the details of their financial institution’s            the disclosure table and the reasons for                request. The table also speaks in terms
                                            sharing practices in the context of how                 sharing are designed to be consistent for               of the institution’s own ‘‘marketing
                                            other financial institutions can share. It              all financial institutions.30 The                       purposes’’ to capture the idea that
                                            is critical for comprehension and                                                                               nearly all, if not all, financial
                                            comparability.’’ 27 The table is featured                 28 See  id. at 185, 215, 256.                         institutions share information in
                                            on page one because it is one of the
                                                                                                      29 Pub.  L. 108–159, 117 Stat. 1952. Section 624      connection with marketing their own
                                                                                                    provides that information that may be shared            products and services to their customers
                                            most important elements of the model                    among affiliates—including transaction and
                                            form.                                                   experience information and certain                      (for example, with a service provider
                                               Key research findings were that                      creditworthiness information—cannot be used for         such as a bulk mailer or data processor)
                                            providing this information in a table                   marketing purposes unless the consumer has              in a manner that does not trigger an opt-
                                                                                                    received a notice of such use and an opportunity        out right. With respect to the reasons for
                                            form greatly increased consumers’                       to opt out, and the consumer does not opt out. The
                                            ability to readily identify and                         Agencies have included language pertaining to this      information sharing among affiliated
                                            understand an institution’s sharing                     affiliate marketing provision and the related opt-out   companies that track the FCRA
                                            practices and what, if any, choices they                on the notice developed in the consumer research        provisions 31 (the sharing of
                                                                                                    in response to comments to the ANPR. While the
                                                                                                    Agencies have not yet issued a final regulation
                                                                                                                                                            ‘‘transaction and experience
                                              26 The Agencies recognize that some financial
                                                                                                    implementing this provision of the FACT Act, they       information’’ and the sharing of ‘‘other
                                            institutions may not collect each type of               are coordinating this rulemaking with the affiliate     information’’), the disclosure table uses
                                            information described in the ‘‘What’’ box. As           marketing rulemaking to ensure that language            ‘‘Information about your
                                            reflected in the introductory clause, which states      addressing the section 624 opt-out as incorporated
                                            that the ‘‘information [collected] can include          in this model form (when finalized) would be
                                                                                                                                                            creditworthiness’’ as a short-hand term
                                            * * *,’’ the standardized terms are designed to         deemed to comply with the affiliate marketing rule.     for the statutory term ‘‘other
                                            reflect the range of information typically collected    Institutions would not be required to include           information.’’
                                            by financial institutions required to provide privacy   reference to this provision until a final rule for         The institution’s contact information
                                            notices under the GLB Act and FCRA, rather than         section 624 is issued and becomes effective, and
                                            the specific information collected by each particular   only in the event that institutions choose to
                                                                                                                                                            appears at the bottom of page one in
                                            institution, and therefore, are not to be modified to   consolidate the 624 notice and opt-out with the
rwilkins on PROD1PC63 with PROPOSALS




                                            reflect an institution’s particular practices. The      GLB Act privacy notice.                                 what nonaffiliated companies may do with the
                                            SEC’s model privacy form reflects modified terms           30 The reasons for sharing are grouped into three    personal information, other than acting as a service
                                            in the ‘‘What’’ box that are intended to include the    main categories. The first three reasons describe       provider to or acting jointly with the financial
                                            range of information typically collected by brokers,    what financial institutions do with their consumers’    institution (that is, outside the exceptions provided
                                            dealers, investment advisers registered with the        personal information. The next three reasons            in sections l.13, l.14, and l.15). This generally
                                            Commission, and investment companies.                   describe what a financial institution’s affiliates do   means marketing by the nonaffiliated company.
                                              27 See Kleimann Report, supra note , at v and 7.      with that information. The last reason describes          31 See section 603(d)(2)(A) of the FCRA.




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00014   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM    29MRP2
                                                                    Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                      14953

                                            response to consumers’ preferences                       (1) share or use information in a manner                information with other financial
                                            expressed during testing.                                that triggers an opt-out, or (2) choose to              institutions to jointly market to me.’’
                                                                                                     provide opt-outs beyond what is                         Likewise, if a financial institution
                                            C. Page Two—Supplemental
                                                                                                     required by law.                                        wanted to offer its customers the
                                            Information
                                                                                                        The opt-out page lists three common                  opportunity to opt out of its own
                                               The second page provides additional                   methods for opting out—by telephone,                    marketing, it could provide for that
                                            explanatory information that, in                         on the Web, and by mail—and                             option by answering ‘‘Yes’’ in the
                                            combination with page one, ensures that                  summarizes the opt-out choices                          appropriate box of the disclosure table
                                            the notice includes all elements                         available to the consumer in a clear and                and by describing the opt-out choice on
                                            described in the GLB Act as                              easy-to-read format that the research                   the opt-out form, for example by stating
                                            implemented by the privacy rule. There                   found consumers appreciated. Financial                  ‘‘Do not share [or use] my personal
                                            is supplemental information in the form                  institutions that provide opt-out forms                 information to market to me.’’ To obtain
                                            of Frequently Asked Questions                            are not required to provide all the opt-                the safe harbor for use of the proposed
                                            (FAQs) 32 at the top and definitions                     out choices and methods described in                    model form, an institution that uses the
                                            below.33 The research showed that                        the Neptune opt-out form. The Agencies                  disclosure table to show any additional
                                            although consumers generally                             expect that institutions may need to                    opt-out choice must include the opt-out
                                            understood the concepts of certain                       tailor the opt-out page to reflect                      form on page three to provide
                                            technical words, they found that the                     accurately the institution’s particular                 consumers with a method for opting
                                            four definitions on page two provided                    practices.34 The model form, for                        out. The Agencies specifically invite
                                            helpful additional information that                      example, includes information for the                   comment on other opt-outs that
                                            further clarified the nature and type of                 customer’s account number as a means                    financial institutions may provide, and
                                            information sharing by a financial                       of identifying both the customer and                    on whether the Agencies should provide
                                            institution. Some of the definitions                     account to which the opt-out should                     model language based on the opt-out
                                            include institution-specific information                 apply. Institutions requiring consumers                 provisions provided in the proposed
                                            required by the GLB Act. For example,                    with multiple account numbers to list                   model form.
                                            an institution that has affiliates must                  each account number to which the opt-
                                            identify the categories of its affiliates                                                                        F. Appearance of the Model Form
                                                                                                     out should apply should modify that
                                            after the definition. Likewise, an                       portion of the form. Institutions                         In addition to the requirements that
                                            institution that has no affiliates can                   requiring information other than an                     the proposed model form be
                                            explain after the definition that it does                account number should modify that                       comprehensible, clear and conspicuous,
                                            not have affiliates.                                     portion of the form. Institutions that                  and allow for easy comparison of
                                               Examples of institution-specific                      allow more than 30 days from issuing                    privacy practices among financial
                                            information are shown for the last three                 the notice may insert that time period in               institutions, the law requires that the
                                            definitions in the italicized print in both              place of the number ‘‘30’’. The proposed                model form use an easily readable type
                                            the Neptune and Mars forms. Thus,                        rule accordingly provides instructions                  font. The prototype notice developed in
                                            Neptune has affiliates with which it                     explaining permissible variations to                    the Agencies’ phase one research and
                                            shares certain information and, under                    page three of the Neptune notice.                       shown here as the proposed model
                                            the definition of ‘‘affiliates,’’ Neptune                                                                        form, reflects consideration of a number
                                            includes information in italics that                     E. Additional Opt-Outs in the Model                     of typographical factors in the design.35
                                            describes the categories of its affiliates.              Form                                                    Type size, type style, leading, x-height,
                                            Since Mars has no affiliates, the Mars                      The third column in the disclosure                   serif versus sans serif,36 upper and
                                            form states ‘‘Mars has no affiliates.’’                  table in the proposed model form is                     lower case type, along with the page
                                                                                                     intended to provide flexibility for                     layout—all play an important role in
                                            D. Page Three—The Opt-Out Form
                                                                                                     financial institutions to include                       designing a typeface that is highly
                                               The third page provides an opt-out                    additional opt-out choices that are not                 readable. Consumers who saw the
                                            form, for use by those financial                         required by Federal law. For example, a                 prototype notice during the research
                                            institutions that share in a manner that                 financial institution may give its                      process commented on how easy the
                                            triggers consumer opt-out rights under                   customers the opportunity to limit                      type was to see and read.37
                                            the GLB Act or FCRA (see the proposed                    sharing for joint marketing. In that case,
                                            model privacy form in Appendix A and                     the financial institution would answer
                                                                                                                                                                35 The prototype notice developed in the

                                            the Neptune form). Institutions using                                                                            consumer research is 10 on 12 BK Avenir Book. The
                                                                                                     the question ‘‘Can you limit this                       ‘‘10 on 12’’ means that the font size is 10 points,
                                            the proposed model form must include                     sharing?’’ in the far right column with                 and the leading (that is, the additional space
                                            page three in their notices only if they                 ‘‘Yes (Check your choices, p. 3)’’ and                  between the lines of type) is 2 points of spacing.
                                                                                                                                                                36 Serif typeface has small strokes at the ends of
                                              32 Note that financial institutions should insert
                                                                                                     would describe the additional opt-out
                                                                                                                                                             the lines that form each letter. Sans serif typeface
                                            their names as indicated in the first three questions
                                                                                                     choice on its opt-out form, for example                 does not have those small strokes.
                                            in this section.                                         by stating, ‘‘Do not share my personal                     37 Example 3 in this proposal illustrates the
                                              33 The FAQ box regarding sources of information                                                                different font sizes used in the prototype notice for
                                            does not permit a financial institution to customize       34 See note 29. For institutions that choose to       the title, headings, and key text. Thus, the word
                                            the sources of information it collects. As with the      consolidate the 624 notice into the model form and      ‘‘FACTS’’ in the title is in 17-point type; the
                                            standardized terms describing information the            offer this opt-out, the italicized language             remainder of the title is in 11-point; the Why, Why,
                                            institution collects on page one, see supra note , the   accompanying the affiliate sharing opt-out choice       How, and Contact Us headings are in 14 point; the
                                            disclosure is intended to include the range of           on page three of the proposed model form is             headings in the disclosure table, the reasons in the
                                            information sources typically used by institutions       required only if an institution wants to limit the      left column of the disclosure table, and the
rwilkins on PROD1PC63 with PROPOSALS




                                            subject to the GLB Act and FCRA rather than the          time of the opt-out period, with 5 years the            questions in the left column of the FAQs are in
                                            information sources used by each particular              minimum opt-out period required by the statute.         10.5-point; and the text in the body of the form is
                                            institution. The SEC’s model form reflects               Where an institution elects to limit the time period    in 10-point. This information shows the relative
                                            additional terms in this box that are intended to        for which the opt-out is effective, it should look to   sizes of the various elements of the prototype and
                                            include the range of sources of information              the Agencies’ affiliate marketing rule for guidance     is intended only as a guide (and not a requirement)
                                            typically used by brokers, dealers, investment           on the manner and form in which to provide any          to those institutions that elect to use the proposed
                                            advisers registered with the Commission, and             additional notice that would effectively permit a       model form so that they can design the key
                                            investment companies.                                    consumer to renew or extend the opt-out period.                                                    Continued




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00015   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM     29MRP2
                                            14954                     Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                               All of these factors together affect the                Nevertheless, the Agencies are                           smaller text. Research shows that our
                                            readability of a document. Therefore, in                   providing these general                                  eyes ‘‘scan the top of the letters’’ x-
                                            considering these various factors for the                  recommendations for use with the                         heights during the normal reading
                                            design of an easily readable type font,                    model form: 10- or 11-point type should                  process, so that is where the primary
                                            the Agencies are proposing 10-point                        have between 1 and 3 points of leading.                  identification of each letter takes
                                            font as the minimum type size and                          Twelve-point type should have between                    place.’’ 41 Generally, a font with an x-
                                            sufficient spacing between the lines of                    2 and 4 points of leading.39                             height ratio of around .66 is easier to
                                            type (leading). The Agencies are further                      Type style and ‘‘x’’-height: Experts                  read.42
                                            providing general guidance on type                         differ on the question of the most
                                            styles.                                                    desirable type style. The model form                       The Agencies are not mandating a
                                               Type size: The readability of type size                 uses both sans serif and ‘‘monoweight’’                  particular type style or x-height in order
                                            is highly dependent on the selection of                    type, and upper and lower case lettering                 for a financial institution to obtain a safe
                                            the type style. Some styles in 10-point                    in the body of the form. While much of                   harbor. Nevertheless, based on the
                                            font are more readable than others in 12-                  the printed material in the United States                research, the Agencies are providing
                                            point font and appear larger because of                    and western Europe uses serif styles,                    these general guidelines for type style in
                                            their design. Accordingly, the Agencies                    Web designers are increasingly using                     the model form: For typefaces with a
                                            are proposing 10-point type size as the                    sans serif type, as they have found that                 smaller x-height, 11- or 12-point font
                                            minimum size for use on the model                          serif type is harder to read in this new                 should be used; for typefaces with a
                                            form.                                                      medium. These changes in Web design                      larger x-height, a 10-point font would be
                                               Leading: Leading is the spacing                         are also beginning to affect font styles in              sufficient.43 Fonts that satisfy the type
                                            between lines of type, measured in                         printed materials. Accordingly, some                     style and x-height guidelines for the
                                            points. If the line spacing is too narrow,                 typography designers are now using                       proposed model form include sans serif
                                            the type is hard to read. In such a case,                  sans serif typefaces, as well as type with               fonts such as Tahoma, Century Gothic,
                                            the ascenders (such as the upward line                     a uniform thickness throughout the
                                                                                                                                                                Myriad, Avant Garde, Bk Avenir Book,
                                            in the letter ‘‘h’’) and descenders (such                  letter (monoweight typeface), finding
                                            as the downward line in a ‘‘g’’) may                                                                                ITS Franklin Gothic, Arial, and Gill
                                                                                                       such typefaces easier to read than those
                                            touch, blending the lines of type and                      with variable thickness. While a variety                 Sans, and serif fonts such as the
                                            making it much harder to distinguish                       of type styles would be suitable for the                 Chaparral Pro Family, Minion Pro,
                                            the letters on the page. Research on the                   model notice, the Agencies caution that                  Garamond, Monotype Bodoni, and
                                            legibility of typography indicates that                    institutions that use idiosyncratic fonts                Monotype Century.44
                                            people read faster when text is set with                   or highly stylized typefaces will not                      For ease of reference, the following
                                            1 to 4 points of leading.38 The Agencies                   meet the model form safe harbor                          table summarizes the recommendations
                                            are proposing a requirement that the                       standard.                                                discussed here for institutions that
                                            leading used allow for sufficient spacing                     Larger x-height 40 makes a font appear                choose to use the model form and obtain
                                            between the lines, but are not                             larger and thus more readable, and fonts                 the safe harbor.
                                            mandating a specific amount.                               with larger x-heights are better for

                                                           If                           Then use                           And use                                        And use font with

                                            Font is 10-point ...............   1–3 points leading .........    Monoweight typeface ...........     Large x-height sans serif (around .66 ratio).
                                            Font is 11-point ...............   1–3 points leading .........    Monoweight typeface ...........     Smaller x-height is acceptable; either serif or sans serif
                                                                                                                                                     (less than .66 ratio is acceptable).
                                            Font is 12-point ...............   2–4 points leading .........    Monoweight or variable type-        Smaller x-height is acceptable; either serif or sans serif
                                                                                                                face.                                (less than .66 ratio is acceptable).



                                            G. Printing, Logos, and Color                                The model form used in the consumer                      The Agencies propose that
                                                                                                       testing was printed on 8.5 by 11 inch                    institutions using the model form use
                                              The Agencies recognize that financial                    non-glossy paper, using varying shades                   white or light color paper (such as
                                            institutions have a strong interest in                     of black ink to achieve the black and                    cream) with black or suitable
                                            ensuring that documents they provide to                    gray tones in the published prototype.                   contrasting color ink. Spot color is
                                            the public have a distinctive look that                    The Agencies propose printing each                       permitted to achieve visual interest to
                                            may be readily recognized by                               page of the model form on one side of                    the model form, so long as the color
                                            consumers. Thus, a financial institution                   an 8.5 by 11 inch piece of paper so that                 contrast is distinctive and the color does
                                            that uses the proposed model form may                      each page of the model form can be                       not detract from the form’s readability.
                                            include its corporate logo on any of the                   viewed simultaneously. The Agencies                      The Agencies seek comment on
                                            pages, so long as the logo design does                     seek comment on other formats that may                   whether, how, and to what extent
                                            not interfere with the readability of the                  achieve the readability and ease of use                  institutions that elect to use the model
                                            model form or space constraints of each                    preferred by consumers.                                  form will use logos and/or color.
                                            page.

                                            elements, such as the headings and title, larger than         40 The ‘‘x-height’’ is the height of the lower-case     43 See Schriver, supra note at 264; see also pp.

                                                                                                       ‘‘x’’ in relation to full height letters, such as a
rwilkins on PROD1PC63 with PROPOSALS




                                            the 10-point font size in the text.                                                                                 258–59.
                                              38 Karen A. Schriver, Dynamics In Document               capital G. X-height is critical to type legibility.        44 A number of these font styles, including Arial,
                                                                                                          41 Erik Spiekermann & E.M. Ginger, Stop Stealing
                                            Design, 274 (1997).                                                                                                 Tahoma, Century Gothic, Garamond, and Bodoni,
                                                                                                       Sheep & Find Out How Type Works, 93 (1993).
                                              39 Id. at 262; see also James Hartley, Designing
                                                                                                          42 See, e.g., Hewlett-Packard Corporation, Panose
                                                                                                                                                                are preloaded on commonly used operating systems
                                            Instructional Text (1994); and Barbara Chaparro et                                                                  with most new personal computers. The other font
                                                                                                       Classification Metrics Guide (2006), available at
                                            al., Reading Online Text: A Comparison of Four             http://www.monotypeimaging.com/                          styles are commercially available as well.
                                            White Space Layouts, 6(2) (2004).                          productsservices/pan2.aspx.



                                       VerDate Aug<31>2005      19:04 Mar 28, 2007   Jkt 211001   PO 00000    Frm 00016   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM    29MRP2
                                                                    Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                         14955

                                            III. The Sample Clauses                                  with this proposal, the SEC proposes                 modifications that could be made to
                                               The proposed model form is a                          that one year after the end of the                   page one and/or page three in
                                            standardized notice that would replace                   transition period, the Sample Clauses                accordance with legal requirements and
                                            the Sample Clauses currently found in                    would be rescinded and no longer                     the intent to keep the table on the first
                                            Appendix A of the privacy rule. It could                 provide guidance regarding the rule’s                page of the form.
                                            be used by a financial institution at its                application to financial institutions                  4. The extent to which financial
                                            option to comply with requirements for                   subject to the SEC’s privacy rule.                   institutions intend to incorporate the
                                            a clear and conspicuous privacy notice                                                                        FCRA section 624 disclosure and opt-
                                                                                                     IV. Proposed Effective Dates                         out for affiliate marketing in the model
                                            that meets the content requirements in
                                            sections l.6 and l.7 of the privacy                         The provisions of the final rule will             form, with an explanation of why or
                                            rule.45 Research to date indicates that                  be effective [DATE OF PUBLICATION                    why not, and the time period they may
                                            the language in the Sample Clauses is                    OF THE FINAL RULE], with the                         offer to consumers for the opt-out
                                            confusing, and accordingly, the                          following exceptions:                                period.
                                            Agencies propose to eliminate the                           Sec. l.6, paragraph (g) will be                     5. Whether financial institutions
                                            Sample Clauses from the privacy rule.                    effective [DATE OF PUBLICATION OF                    should be required to alert consumers to
                                               However, to ease the compliance                       THE FINAL RULE] until [DATE 2                        changes in an institution’s privacy
                                            burden for those institutions that                       YEARS AFTER PUBLICATION OF THE                       practices as part of the model form.
                                            currently have privacy notices based on                  FINAL RULE].
                                                                                                        Newly redesignated Appendix B will     B. Format of the Model Form
                                            the Sample Clauses, the Agencies are
                                            proposing a transition period of one                     be effective [DATE OF PUBLICATION            1. Whether each page of the proposed
                                            year after which financial institutions                  OF THE FINAL RULE] until [DATE 2          model form should be required to be on
                                            would no longer obtain a safe harbor by                  YEARS AFTER PUBLICATION OF THE            a separate piece of paper or whether
                                            using the sample clauses. Privacy                        FINAL RULE].                              another format could also allow
                                            notices using the Sample Clauses that                                                              consumers to readily see all the
                                                                                                     V. Request for Comments
                                            are delivered to consumers (either in                                                              information in the model form at the
                                                                                                        The Agencies seek comment on all       same time.
                                            paper form or by electronic delivery
                                                                                                     aspects of the proposed model form.          2. Whether the guidance on easily
                                            such as email) or, alternatively, are
                                                                                                     The Agencies also invite commenters to readable type font in the instructions is
                                            posted electronically to meet the annual
                                            notice requirement of section l.9(c),                    submit any additional consumer            helpful and/or sufficient for institutions
                                            would have a safe harbor for one year.                   research that may inform the statutory    that use the proposed model form.
                                            Privacy notices using the Sample                         requirements. Commenters proposing           3. What size paper would be
                                            Clauses that are delivered or posted                     alternative model notices or elements of appropriate for the model form while
                                            electronically after the one-year                        a notice should submit any available      conforming to the guidance for easily
                                            transition period would no longer                        supporting consumer research and          readable type font and layout.
                                            obtain the safe harbor. Since institutions               documentation demonstrating that these       4. Whether financial institutions want
                                            are required to send notices annually to                 alternatives meet the statutory           to use color and/or logos on the
                                            their customers, annual notices that are                 requirements. The Agencies expect to      proposed model form, and the manner
                                            delivered to consumers (either in paper                  do additional testing before finalizing a and extent to which they would use
                                            form or by electronic delivery such as                   model form. We solicit comment on         them without conflicting with
                                            email) within the transition period                      particular approaches to consumer         readability of the form and space
                                            would continue to get the safe harbor                    testing for the Agencies to consider.     requirements.
                                            until the next annual privacy notice is                     The Agencies particularly seek
                                                                                                     comment on the following issues:          C. Additional Information
                                            due one year later.46 The Sample
                                                                                                                                                  1. The extent to which financial
                                            Clauses would be rescinded one year                      A. Content of the Model Form
                                            after the transition period ends.                                                                  institutions subject to the GLB Act are
                                               The Agencies note that the SEC’s                         1. Whether a commenter believes        likely to use the proposed model form,
                                            privacy rule does not provide a safe                     particular aspects of the form are not    including a detailed explanation of why
                                            harbor for financial institutions that use               clear and conspicuous or                  the commenter does or does not expect
                                            the Sample Clauses. Rather, the Sample                   comprehensible; and, if so, identify      financial institutions to use the form.
                                            Clauses provide guidance concerning                      those aspects and explain in detail the      2. Particular approaches to additional
                                            the SEC privacy rule’s application in                    basis for that conclusion.                consumer testing of the model form that
                                            ordinary circumstances.47 Consistent                        2. Whether financial institutions can  the Agencies should consider.
                                                                                                     accurately disclose their information        3. The proposal to replace the Sample
                                               45 The Agencies are also proposing conforming         sharing practices by using the            Clauses with the proposed model form,
                                            amendments to sections l.2, l.6, and l.7 of the          standardized provisions and vocabulary including—(1) the transition period
                                            privacy rule and to the Appendix.                        in the proposed model form, including     after which use of these clauses no
                                               46 For example, if an institution provides a notice
                                                                                                     whether the proposed disclosure table     longer qualifies for a safe harbor, or, for
                                            using the Sample Clauses on day 361 after the
                                            effective date of the rule, it would continue to have
                                                                                                     provides a financial institution with     institutions subject to the SEC’s privacy
                                            the safe harbor for one year until its next annual       sufficient flexibility to disclose its    rule, guidance concerning the rule’s
                                            notice is due. If an institution provides a notice       sharing practices, or any additional opt- application and (2) whether the
                                            using the Sample Clauses on day 369 after the            outs it offers, including a detailed      Agencies should retain Sample Clauses
                                            effective date of the rule, it would not obtain the
                                            safe harbor. Privacy notices using the Sample
                                                                                                     explanation of why or why not.            A–1, A–3, and A–7, or develop model
                                            Clauses posted on an institution’s Web site to meet         3. The extent to which modifications   clauses to replace those sample clauses,
rwilkins on PROD1PC63 with PROPOSALS




                                            the annual notice requirements of section l.9(c)         to the opt-out form are necessary for a   for use as a safe harbor only by those
                                            would no longer get the safe harbor beginning one        financial institution to describe its     institutions that provide the simplified
                                            year after the final rule becomes effective.
                                               47 See SEC privacy rule, section 248.2(a). The
                                                                                                     information practices accurately,         notice described in section l.6(c)(5)
                                            facts and circumstances of each individual situation
                                                                                                     facilitate consumer use of the opt-out    (NCUA 716.6(e)(5)) of the privacy rule.
                                            determine whether use of the Sample Clauses              form, or offer additional opt-outs,          4. Whether the Agencies should
                                            constitutes compliance with the SEC’s privacy rule.      including an explanation of the           develop a Web-based design for those


                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00017   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14956                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            financial institutions that would like to               the types of personal information that                privacy notices. The Act also requires
                                            use an electronic version of the                        may be collected (in the key frame on                 that the proposed model form enable
                                            proposed model form, and if so,                         page one), and (b) the examples of                    consumers easily to identify a financial
                                            whether institutions have suggestions                   sources of information collection (in the             institution’s sharing practices and
                                            for particular design and/or technical                  FAQ on sharing practices on page two).                compare it with others.
                                            considerations.                                         The SEC requests that commenters who                    As indicated in Section I of this
                                               5. Whether the Agencies should                       believe the proposed terms are not                    release, the amendments to Appendix A
                                            develop and make available on their                     sufficient suggest alternative or                     of the Agencies’ privacy rule are
                                            Web sites a readily accessible and                      additional terms that would be more                   proposed pursuant to the authority set
                                            downloadable model form with                            accurate and explain why those terms                  forth in § 503 (as amended by section
                                            ‘‘fillable’’ fields for institutions that               would more accurately reflect typical                 728 of the Regulatory Relief Act) and
                                            wish to use the model form to create                    information collection and sharing                    § 504 of the GLB Act.49
                                            their own privacy notices; if so, whether               practices for brokers, dealers,                       C. Small Entities Subject to the
                                            institutions would use this                             investment advisers registered with the               Proposed Rule Amendments
                                            downloadable model form; and whether                    SEC, and investment companies.
                                            it would be useful, particularly for                      2. Whether institutions should be able                The proposed amendments to
                                            smaller institutions that want to obtain                to omit certain terms that may not apply              Appendix A and conforming
                                            the safe harbor.                                        to their information collection practices             amendments to sections l.2, l.6, and
                                               6. Whether an SEC-regulated entity                   or their sources of information.                      l.7 of the Agencies’ privacy rules could
                                            and an affiliated institution regulated by                                                                    potentially affect financial institutions,
                                            another Agency that intend to provide a                 VI. Regulatory Flexibility Act                        including financial institutions that are
                                            joint privacy notice should be able to                     The Regulatory Flexibility Act                     small businesses or small organizations,
                                            choose to rely on either the SEC model                  (‘‘RFA’’), 5 U.S.C. 601–612, requires an              that choose to rely on the proposed
                                            privacy form or the model privacy form                  agency to provide an Initial Regulatory               model privacy form as a safe harbor.
                                            proposed by the other Agency.48                         Flexibility Analysis (‘‘IRFA’’) with a                  1. OCC. The OCC estimates that 1,050
                                               7. The Agencies are aware that many                  proposed rule and a Final Regulatory                  insured national banks, uninsured
                                            institutions, but not all, currently                    Flexibility Analysis (‘‘FRFA’’) with the              national banks and trust companies, and
                                            request the customer to provide his or                  final rule, if any, unless the agency                 foreign branches and agencies are small
                                            her account number or Social Security                   certifies that the rule would not have a              entities for purpose of the Regulatory
                                            number (or other personal information,                  significant economic impact on a                      Flexibility Act.
                                            separately or in conjunction with such                  substantial number of small entities. See               2. Board. The Board estimates that
                                            information) in order to opt out,                       5 U.S.C. 603–605. Because the use of the              473 state member banks are small
                                            whether by toll-free telephone, by                      model form issued in this proposal is                 entities for purposes of the Regulatory
                                            electronic means such as e-mail, or by                  optional, the Agencies do not expect                  Flexibility Act.
                                            regular mail. Do institutions need that                 that the rule will have a significant                   3. FDIC. The FDIC estimates that
                                            information in order to process opt-out                 economic impact on a substantial                      3,302 state nonmember banks are small
                                            requests, or would the customer’s name                  number of small entities. However,                    entities for purposes of the Regulatory
                                            and address alone, or the customer’s                    because the statute creates a new safe                Flexibility Act.
                                            name, address, and a truncated account                  harbor for institutions by replacing the                4. OTS. The OTS estimates that 429
                                            number for a single account, be                         Sample Clauses in the current rule, with              small savings associations are small
                                            sufficient to process opt-out requests,                 a model form, we have determined that                 entities for purposes of the Regulatory
                                            including for customers with multiple                   it is appropriate to publish the following            Flexibility Act.
                                            accounts at the same institution? Should                IRFA in order to inquire into the impact                5. NCUA. The Regulatory Flexibility
                                            the Agencies consider omitting a line for               of the proposed rule on small entities.               Act requires NCUA to prepare an
                                            such information on the opt-out page for                                                                      analysis to describe any significant
                                            the model privacy form in order to                      A. Reasons for the Proposed Action                    economic impact a regulation may have
                                            better protect customers and make it                      The Agencies are issuing this                       on a substantial number of small credit
                                            easier to opt out? Alternatively, should                proposed rule for comment because the                 unions (primarily those under $10
                                            the opt-out page on the model form                      Regulatory Relief Act specifically                    million in assets). The NCUA estimates
                                            contain a line for a truncated account                  requires them, no later than April 11,                that 3,805 credit unions are small
                                            number or other identifying                             2007, to publish for comment a model                  entities for purposes of the Regulatory
                                            information?                                            form that financial institutions may use              Flexibility Act.
                                               The SEC specifically requests the                    as a safe harbor to satisfy their notice                6. FTC. Determining a precise
                                            following additional comment from its                   requirements under the Agencies’                      estimate of the number of small entities
                                            regulated entities:                                     existing privacy rule.                                that are financial institutions within the
                                               1. Whether the standardized                                                                                meaning of the proposed rule is not
                                            provisions and vocabulary in the                        B. Objectives of, and Legal Basis for, the            readily feasible. The GLB Act does not
                                            proposed model form for SEC-regulated                   Proposed Action                                       identify for purposes of the
                                            financial institutions are sufficient to                   The goal of the proposed amendments                Commission’s jurisdiction any specific
                                            allow these financial institutions                      is to satisfy the requirements of section
                                            accurately to disclose their information                728 of the Regulatory Relief Act, which                 49 The SEC also is proposing the amendments

                                                                                                    requires that the Agencies propose a                  under section 504 of the GLB Act [15 U.S.C. 6804],
                                            sharing practices, and specifically on                                                                        section 23 of the Securities Exchange Act of 1934
                                            the terms used in: (a) the description of               model form that is comprehensible,                    [15 U.S.C. 78w], section 38(a) of the Investment
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                    clear and conspicuous, and succinct.                  Company Act of 1940 [15 U.S.C. 80a–37(a)], and
                                              48 As noted above, see supra notes 26, 33, the SEC    The final model form that the Agencies                section 211 of the Investment Advisers Act of 1940
                                            model privacy form provides slightly modified           adopt after reviewing comments would,                 [15 U.S.C. 80b–11].
                                            terms on pages one and two of the model form,                                                                   The CFTC also is proposing the amendments
                                            which include the range of information typically
                                                                                                    if properly used, serve as a safe harbor              under Section 504 of the GLB Act [15 U.S.C. 6804],
                                            collected by brokers, dealers, investment advisers      for satisfying the privacy rule’s                     and Sections 5g and 8a(5) of the Commodity
                                            registered with the SEC, and investment companies.      requirements regarding content of                     Exchange Act [7 U.S.C. 7b–2, 12a(5)].



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00018   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                     Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                           14957

                                            category of financial institution. In the                 identify their sharing and opt-out                    Regulatory Relief Act requires the
                                            absence of such information, there is no                  policies.                                             Agencies to publish ‘‘a’’ model form
                                            way to estimate precisely the number of                                                                         that, among other things, will facilitate
                                                                                                      D. Reporting, Recordkeeping, and Other
                                            affected entities that share nonpublic                                                                          comparison of the information sharing
                                                                                                      Compliance Requirements
                                            personal information with nonaffiliated                                                                         practices of different financial
                                            third parties or that establish customer                     The proposed rule does not itself                  institutions. In light of these statutory
                                            relationships with consumers and                          impose any additional recordkeeping,                  requirements, the Agencies are
                                            therefore assume greater disclosure                       reporting, disclosure, or compliance                  proposing only one model form, which
                                            obligations.                                              requirements. Financial institutions,                 includes alternative language in some
                                                                                                      including small entities, have been                   places that allows a financial institution
                                               7. CFTC. The CFTC is unable to
                                                                                                      required to provide notice to consumers               to accurately describe its particular
                                            determine a precise estimate of its
                                                                                                      about the institution’s privacy policies              information sharing practices. The
                                            registrants that are small entities, or that
                                                                                                      and practices since July 1, 2001 (or                  specific model form that the Agencies
                                            would be using the model form.
                                                                                                      March 31, 2002 in the case of the CFTC).              are proposing was developed as part of
                                               8. SEC. The SEC estimates that 911                     The proposed amendments would not                     a careful and thorough consumer testing
                                            broker-dealers, 210 investment                            affect these requirements and financial               process designed to produce a clear,
                                            companies registered with the                             institutions would be under no                        comprehensible, and comparable notice.
                                            Commission, and 710 investment                            obligation to modify their current                    The proposed model form emerged as
                                            advisers registered with the Commission                   privacy notices as a result of the                    the most effective of several notice
                                            are small entities for purposes of the                    proposed amendments. Instead, the                     formats considered as part of this
                                            Regulatory Flexibility Act.50                             amendments propose a specific model                   testing. Although the Agencies know of
                                               Because use of the model privacy                       privacy form that a financial institution             no other model privacy notice that has
                                            form would be entirely voluntary, the                     may use to comply with notice                         been developed in this manner, we are
                                            Agencies have no way to estimate how                      requirements under the GLB Act, the                   specifically inviting comments about
                                            many small financial institutions would                   FCRA (as amended by the FACT Act),                    alternative model notices or elements of
                                            use it.51 The Agencies expect, however,                   and the privacy rule. Nonetheless, if the             notices, along with supporting research
                                            that small financial institutions,                        proposed amendments are adopted,                      and documentation. The Agencies will
                                            particularly those that do not have                       some of the financial institutions that               carefully consider any such submissions
                                            permanent staff available to address                      rely on the Sample Clauses in the                     before adopting a final model form.
                                            compliance matters associated with the                    current privacy rules’ appendixes may                    2. Clarification, consolidation, or
                                            privacy rule, would be relatively more                    wish to transition to the proposed                    simplification of reporting and
                                            likely to rely on the model privacy form                  model form and may incur some small,                  compliance requirements. The Agencies
                                            than larger institutions. We believe that                 incremental costs in making this                      believe that the proposed model form
                                            most financial institutions currently                     transition.52 The Agencies expect,                    would simplify the reporting
                                            have legal counsel review their privacy                   however, that the availability of a                   requirements for all entities, including
                                            notices for compliance with the GLB                       standardized model form would offset                  small entities, that choose to use the
                                            Act, the FCRA, and the privacy rule. We                   these costs because the form’s                        model form. We anticipate that financial
                                            believe that a financial institution that                 standardized formatting and language                  institutions that choose to use the
                                            uses the model form for its privacy                       would make it easier for institutions to              proposed model form would spend less
                                            notice would need little, if any, review                  prepare and revise their privacy                      time preparing notices than if they had
                                            by legal counsel because the proposed                     policies.                                             to draft one on their own. Because the
                                            regulation does not permit institutions                                                                         model form was developed as part of a
                                                                                                      E. Duplicative, Overlapping, or
                                            to vary the form to obtain the benefit of                                                                       consumer testing process, it is difficult
                                                                                                      Conflicting Federal Rules
                                            a safe harbor, except as necessary to                                                                           for the Agencies to further clarify,
                                                                                                        We believe there are no federal rules               consolidate, or simplify the model
                                               50 For purposes of the Regulatory Flexibility Act,     that duplicate, overlap, or conflict with             notice without compromising the
                                            under the Securities Exchange Act of 1934 a small         the proposed amendments. In fact, the                 research findings.
                                            entity is a broker or dealer that (i) had total capital   Agencies have designed the model form                    3. Performance rather than design
                                            of less than $500,000 on the date in its prior fiscal     so that a financial institution may use it            standards. Section 728 of the Regulatory
                                            year as of which its audited financial statements
                                            were prepared or, if not required to file audited
                                                                                                      to satisfy disclosure requirements for                Relief Act specifically requires that the
                                            financial statements, on the last business day of its     both the GLB Act and the FCRA (as                     Agencies propose a model form. The
                                            prior fiscal year, and (ii) is not affiliated with any    amended by the FACT Act).                             model form is an alternative means of
                                            person that is not a small entity and is not affiliated                                                         providing a privacy notice that
                                            with any person that is not a small entity. 17 CFR        F. Significant Alternatives
                                            240.0–1. Under the Investment Company Act of
                                                                                                                                                            institutions may choose to use. The
                                            1940, a ‘‘small entity’’ is an investment company
                                                                                                        The RFA directs the Agencies to                     privacy rule does not mandate the
                                            that, together with other investment companies in         consider significant alternatives that                format of privacy notices; thus neither
                                            the same group of related investment companies,           would accomplish the stated objectives,               the rule nor the proposed amendment
                                            has net assets of $50 million or less as of the end       while minimizing any significant
                                            of its most recent fiscal year. 17 CFR 270.0–10.
                                                                                                                                                            would impose a design standard.
                                            Under the Investment Advisers Act of 1940, a small
                                                                                                      adverse impact on small entities. In                     4. Exempting small entities. We
                                            entity is an investment adviser that ‘‘(i) manages        connection with the proposed                          believe that an exemption for small
                                            less than $25 million in assets, (ii) has total assets    amendments, we considered the                         entities would not be appropriate or
                                            of less than $5 million on the last day of its most       following alternatives:                               desirable. The Agencies note that the
                                            recent fiscal year, and (iii) does not control, is not
                                            controlled by, and is not under common control
                                                                                                        1. Different reporting or compliance                model form is available for use at the
rwilkins on PROD1PC63 with PROPOSALS




                                            with another investment adviser that manages $25          standards. As noted above, the                        discretion of all financial institutions,
                                            million or more in assets, or any person that had                                                               including small institutions. Moreover,
                                            total assets of $5 million or more on the last day          52 We believe that institutions review their
                                                                                                                                                            two key objectives of the proposed
                                            of the most recent fiscal year.’’ 17 CFR 275.0–7.         privacy policies annually, and the costs associated
                                               51 The Agencies have requested comment on the          with this annual review, including professional
                                                                                                                                                            model form are that (1) consumers can
                                            likelihood that financial institutions would use the      costs, for compliance are likely to be the same as    understand an institution’s information
                                            model privacy form. See supra section V.                  the costs to complete the proposed model form.        sharing practices and (2) they may more


                                       VerDate Aug<31>2005    19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00019   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14958                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            easily compare financial institutions’                  OCC and OTS Executive Order 12866                     governments, or by the private sector, of
                                            sharing practices and policies across                   Determination                                         $100 million or more. Accordingly,
                                            privacy notices. An exemption for small                   The OCC and OTS each has                            neither the OCC nor the OTS has
                                            entities would directly conflict with                   determined that its portion of the                    prepared a budgetary impact statement
                                            both of these key objectives, particularly              proposed rulemaking is not a significant              or specifically addressed the regulatory
                                            enabling comparison across notices.                     regulatory action under Executive Order               alternatives considered.
                                            G. Solicitation of Comments                             12866.
                                                                                                                                                          SEC Cost Benefit Analysis
                                               We encourage the submission of                       OCC and OTS Executive Order 13132
                                            comments with respect to any aspect of                  Determination                                            The SEC is sensitive to the costs and
                                            this IRFA. In particular, we request                                                                          benefits imposed by its rules. As
                                                                                                      The OCC and OTS each has
                                            comments regarding: (i) The number of                                                                         discussed above, the amendments the
                                                                                                    determined that its portion of the
                                            small entities that would be affected by                proposed rulemaking does not have any                 Agencies are proposing today would
                                            the proposed amendments; (ii) the                       federalism implications, as required by               replace the sample clauses included in
                                            existence or nature of the potential                    Executive Order 13132.                                Regulation S–P’s Appendix A (17 CFR
                                            impact of the proposed amendments on                                                                          part 248, appendix A) with a model
                                            small entities discussed in the analysis;               NCUA Executive Order 13132                            privacy form that financial institutions
                                                                                                    Determination                                         could choose to provide to consumers.
                                            (iii) how to quantify the impact of the
                                            proposed amendments; and (iv) the                         Executive Order 13132 encourages                    The proposed amendments are designed
                                            consideration of alternatives.                          independent regulatory agencies to                    to implement section 728 of the
                                            Commenters are asked to describe the                    consider the impact of their actions on               Regulatory Relief Act. This Act directs
                                            nature of any impact and provide                        State and local interests. In adherence to            the Agencies to ‘‘jointly develop a
                                            empirical data supporting the extent of                 fundamental federalism principles, the                model form which may be used, at the
                                            the impact. As noted above in Section                   NCUA, an independent regulatory                       option of the financial institution, for
                                            V, the Agencies specifically request                    agency as defined in 44 U.S.C. 3502(5)                the provision of disclosures under
                                            comment on whether a downloadable                       voluntarily complies with the Executive               [section 503 of the GLB Act].’’ Use of the
                                            version of the proposed model form                      Order. The proposed rule would not
                                                                                                                                                          model form would be voluntary so a
                                            would be useful for financial                           have substantial direct effects on the
                                                                                                                                                          financial institution could itself
                                            institutions, and particularly small                    States, on the connection between the
                                                                                                    national government and the States, or                determine the benefits and costs in
                                            entities that would like to take                                                                              deciding whether using the model form
                                            advantage of the safe harbor. All                       on the distribution of power and
                                                                                                    responsibilities among the various                    would be suitable for its business and
                                            comments on this IRFA will be                                                                                 customers. Moreover, a financial
                                            considered in the preparation of the                    levels of government. The NCUA has
                                                                                                    determined that this proposed rule does               institution that elected to use the model
                                            Final Regulatory Flexibility Analysis, if
                                                                                                    not constitute a policy that has                      privacy form would benefit from the
                                            the proposed amendments are adopted.
                                                                                                    federalism implications for purposes of               safe harbor it provides for disclosures
                                            VII. Paperwork Reduction Act                            the Executive Order.                                  required under the GLB Act. There
                                               The final rules governing the privacy                                                                      would be no incremental costs of the
                                                                                                    OCC and OTS Unfunded Mandates
                                            of consumer financial information                                                                             information requirements for the
                                                                                                    Reform Act of 1995 Determination
                                            contain disclosures that are considered                                                                       proposed model privacy form because
                                                                                                       Section 202 of the Unfunded                        the disclosures are already required
                                            collections of information under the
                                                                                                    Mandates Reform Act of 1995, Public                   under Regulation S–P. However,
                                            Paperwork Reduction Act (PRA, 44
                                                                                                    Law 104–4 (Unfunded Mandates Act)                     financial institutions could incur some
                                            U.S.C. 3501 et seq.). Before the Agencies
                                                                                                    requires that an agency prepare a                     personnel costs in implementing the
                                            issued their privacy rules, they obtained
                                                                                                    budgetary impact statement before
                                            approval from OMB for the collections.                                                                        proposed model form. We expect these
                                                                                                    promulgating a rule that includes a
                                            OMB control numbers for the                                                                                   would be minimal because the language
                                                                                                    Federal mandate that may result in
                                            collections appear below. These                                                                               and format in the form are standardized
                                                                                                    expenditure by State, local, and tribal
                                            proposed rules do not introduce any                                                                           and particularly if the form could be
                                                                                                    governments, in the aggregate, or by the
                                            new collections of information into the                                                                       downloaded from a Web site.53
                                                                                                    private sector, of $100 million or more
                                            Agencies’ privacy rules, nor do they                    in any one year. If a budgetary impact                Financial institutions can only
                                            amend the rules in a way that                           statement is required, section 205 of the             customize very limited sections of the
                                            substantively modifies the collections of               Unfunded Mandates Act also requires                   model privacy form. Insofar as the
                                            information that OMB has approved.                      an agency to identify and consider a                  Sample Clauses in current Regulation
                                            Therefore, no PRA submissions to OMB                    reasonable number of regulatory                       S–P may have some value to some
                                            are required.                                           alternatives before promulgating a rule.              financial institutions, their phase-out
                                               OCC: Control number 1557–0216.                       However, the Unfunded Mandates Act                    under the proposed amendments to the
                                               Board: Control number 7100–0294.                     provisions do not apply to regulations                rule could create some costs to those
                                               FDIC: Control number 3064–0136.                      that incorporate requirements                         institutions. If financial institutions,
                                               OTS: Control number 1550–0103.                       specifically set forth in law. Because                including SEC-regulated institutions,
                                               NCUA: Control number 3133–0163                       this notice of proposed rulemaking is                 make widespread use of the model
                                            (NCUA in separate submissions to OMB                    issued pursuant to section 728 of the                 privacy form, we anticipate that
                                            is currently in the process of requesting               Regulatory Relief Act, the OTS and OCC                consumers will benefit from notices that
rwilkins on PROD1PC63 with PROPOSALS




                                            reinstatement, with revisions due to the                are not required to conduct an                        are more comprehensible and easier to
                                            decrease in the number of respondent                    Unfunded Mandates Analysis for this                   compare and use.
                                            credit unions, to this number.)                         rulemaking. Nevertheless, the OCC and
                                               FTC: Control number 3084–0121.                       OTS each has determined that this                      53 We have asked for comment in section V on
                                               SEC: Control number 3235–0537.                       proposed rule will not result in                      whether a downloadable version of the model form
                                               CFTC: Control number 3038–0055.                      expenditures by State, local, and tribal              would be useful.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00020   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                     Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                        14959

                                            A. Benefits                                               extent that consumers have more trust                 investment advisers registered with the
                                               We anticipate that brokers, dealers,                   and confidence in an institution’s                    Commission, and investment companies
                                            investment advisers registered with the                   privacy policies because the consumers                that may use the proposed model form.
                                            SEC, and investment companies would                       understand those policies.
                                                                                                                                                            C. Request for Comments
                                            benefit from the proposed model                           B. Costs                                                 The SEC requests comment on the
                                            privacy form’s standardized formatting                       While the proposed amendments                      potential costs and benefits of the
                                            and language. The notice requirements                     would not affect Regulation S–P’s                     proposed amendments to Appendix A
                                            of Regulation S–P have been effective                     substantive requirements, and financial               of Regulation S–P. The SEC specifically
                                            since July 1, 2001, and would not be                      institutions would be under no                        requests comment on the costs of each
                                            altered by the proposed amendments,                       obligation to modify their current                    item discussed above that institutions
                                            but new brokers, dealers, investment                      privacy notices, we believe that                      could incur in using the model form and
                                            companies, and registered investment                      financial institutions that elect to use              whether any of those costs would differ
                                            advisers would be able to use the model                   the model privacy form could incur                    if the form were downloadable from a
                                            privacy form without investing the time                   some small, incremental costs in making               Web site. Commenters should specify
                                            and resources previously necessary to                     the transition from their current notices             the type of institution associated with
                                            develop their own notices. We believe                     to the proposed model form. These costs               estimates of cost and benefits. The SEC
                                            that institutions currently review their                  could include staff time to review the                encourages commenters to identify,
                                            Regulation S–P privacy policies                           model form and its instructions and                   discuss, analyze, and supply relevant
                                            annually. To the extent that these                        complete the proposed form. As noted                  data regarding any additional costs and
                                            institutions are required to change their                 above, we anticipate there would be                   benefits. For purposes of the Small
                                            policies to reflect changes in their                      minimal computer costs associated with                Business Regulatory Enforcement
                                            privacy practices, they may find it easier                using the form, particularly if the form              Fairness Act of 1996,55 the SEC also
                                            to use the proposed model privacy form                    could be downloaded from a Web site.                  requests information regarding the
                                            as a revised or annual privacy notice                     We also believe that a financial                      potential impact of the proposals on the
                                            rather than to revise their existing                      institution that would use the model                  U.S. economy on an annual basis.
                                            notices. In addition, the SEC expects                     privacy form would need little, if any,
                                            that revisions to an institution’s privacy                review by legal counsel because almost                SEC Consideration of Burden on
                                            policies would be easier to record in the                 all the disclosures in the form are                   Competition
                                            model form’s standardized format. The                     mandated. Institution-specific                           Securities Exchange Act Section
                                            SEC also anticipates that a financial                     information consists of contact                       23(a)(2) requires the SEC, in adopting
                                            institution that chooses to use the model                 information, ‘‘yes’’ or ‘‘no’’ answers and            rules under that Act, to consider the
                                            notice would need little, if any, ongoing                 brief descriptions, as necessary, of the              impact that any such rule would have
                                            review by legal counsel because an                        types of entities with which they share               on competition.56 Section 23(a)(2) also
                                            institution cannot vary the form except                   information. Moreover, we believe that                prohibits the SEC from adopting any
                                            as necessary to identify certain specific                 financial institutions currently review               rule that would impose a burden on
                                            sharing and opt-out policies.                             their privacy polices annually, and we                competition not necessary or
                                               Appendix A of Regulation S–P                           anticipate that the costs associated with             appropriate in furtherance of the
                                            currently contains sample clauses that                    this annual review would likely be the                purposes of the Securities Exchange
                                            the SEC has said provide guidance in                      same as the costs of completing the                   Act.
                                            ordinary circumstances. The SEC has                       model form. Although there may be                        As discussed above, the proposed
                                            said, however, that the ‘‘facts and                       some costs to firms that currently rely               amendments to Regulation S–P,
                                            circumstances of each individual                          on the sample clauses for guidance in                 including the proposed model form, are
                                            situation’’ will determine whether ‘‘use                  preparing their privacy notices, we                   designed to comply with section 728 of
                                            of a sample clause’’ constitutes                          expect those costs to be minimal. As                  the Regulatory Relief Act, mandating
                                            compliance.54 In contrast, if the                         noted above, we believe that financial                that the Agencies propose a model form
                                            proposed amendments are adopted,                          institutions take approximately the                   that is comprehensible, clear and
                                            SEC-regulated institutions would                          same time to prepare a notice using the               conspicuous, and succinct. If adopted,
                                            benefit from the certainty that proper                    proposed form as they currently take to               SEC-regulated institutions would be
                                            use of the model notice entitles them to                  review annual notices. Moreover, the                  able to use the model form in order to
                                            a safe harbor for disclosures required                    Agencies are proposing to give financial              comply with the notice requirements
                                            under the GLB Act and FCRA.                               institutions one year in which they can               under the GLB Act, the FCRA, and
                                               Finally, as discussed more fully in                    continue to rely on the Sample Clauses                Regulation S–P.
                                            section I.B above, the proposed model                     as guidance, which should allow time to                  The SEC does not expect the proposed
                                            form was developed in an extensive                        minimize the costs of transition for                  amendments to have a significant
                                            consumer research testing process that                    institutions that would transition to the             impact on competition, and believes
                                            evaluated consumers’ ability to                           model privacy form. The SEC requests                  that any effect on competition would be
                                            comprehend, use, and compare privacy                      commenters to provide data on these                   favorable. Use of the proposed model
                                            notices. The SEC anticipates therefore                    and any other costs of transition or                  form would be voluntary, permitting a
                                            that if financial institutions choose to                  implementation, and to specify the type               financial institution to determine
                                            use the proposed model form,                              of financial institution (broker, dealer,             whether using the model form would
                                            consumers’ comprehension and their                        investment adviser registered with the                enhance its competitive position. All
                                            ability to use and compare privacy                        Commission, or investment company)                    brokers and dealers, investment
rwilkins on PROD1PC63 with PROPOSALS




                                            policies would be enhanced.                               that would incur the estimated costs.                 companies, and registered investment
                                            Institutions also might benefit from                         As discussed above, we cannot                      advisers would be able to use the model
                                            consumers’ enhanced ability to                            estimate the number of institutions that              form and take advantage of the safe
                                            understand and use the notices to the                     would take advantage of the safe harbor.
                                                                                                      Accordingly, we cannot estimate the                     55 Pub.   L. 104–121, Title II, 110 Stat. 857 (1996).
                                              54 See   17 CFR 248.2(a).                               overall costs to broker-dealers,                        56 See   15 U.S.C. 78w(a)(2).



                                       VerDate Aug<31>2005     19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00021   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM     29MRP2
                                            14960                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            harbor. Other financial institutions                    concern: Protection of market                         16 CFR Part 313
                                            would be able to use the form and take                  participants and the public; efficiency,                Consumer protection, Credit, Privacy,
                                            advantage of the safe harbor under                      competitiveness, and financial integrity              Reporting and recordkeeping
                                            comparable rules proposed by the other                  of futures markets; price discovery;                  requirements, Trade practices.
                                            Agencies. Under the Regulatory Relief                   sound risk management practices; and
                                            Act, the Agencies have worked in                        other public interest considerations.                 17 CFR Part 160
                                            consultation in order to ensure the                     Accordingly, the CFTC could in its                      Brokers, Consumer protection,
                                            consistency and comparability of the                    discretion give greater weight to any one             Privacy, Reporting and recordkeeping
                                            proposed amendments. Therefore, all                     of the five enumerated areas of concern               requirements.
                                            financial institutions would have the                   and could in its discretion determine
                                            same opportunity to use the model form                  that, notwithstanding its costs, a                    17 CFR Part 248
                                            and rely on the safe harbor.                            particular rule was necessary or                        Brokers, Consumer protection,
                                               Further, if financial institutions                   appropriate to protect the public interest            Investment companies, Privacy,
                                            choose to use the proposed model form,                  or to effectuate any of the provisions or             Reporting and recordkeeping
                                            the proposed amendments could                           to accomplish any of the purposes of the              requirements, Securities.
                                            promote competition by enabling                         Act.
                                            consumers more easily to understand                        The CFTC has considered the costs                  Office of the Comptroller of the
                                            and compare competing institutions’                     and benefits of the proposed model form               Currency
                                            privacy policies. The SEC also                          as a totality. The form provides a                    12 CFR Chapter I
                                            anticipates that the proposed model                     voluntary alternative means of
                                            form’s standardized formatting would                    complying with existing requirements of               Authority and Issuance
                                            reduce the relative burden of                           the privacy provisions of the GLB Act                   For the reasons set forth in the joint
                                            compliance on smaller financial                         and section 5g of the CEA, and thus                   preamble, part 40 of chapter I of title 12
                                            institutions, allowing them to compete                  imposes no mandatory new costs. The                   of the Code of Federal Regulations is
                                            more effectively with larger institutions               CFTC solicits comment on the                          proposed to be revised as follows:
                                            that are more likely to have a dedicated                transitional costs that may be incurred
                                            compliance staff. As such, the SEC                      by institutions electing to use the model             PART 40—PRIVACY OF CONSUMER
                                            expects any small impact on                             form, including costs in addition to                  FINANCIAL INFORMATION
                                            competition caused by the proposed                      those already imposed. The CFTC
                                                                                                                                                            1. The authority citation for part 40
                                            amendments would be beneficial. We                      believes that the model form should
                                                                                                                                                          continues to read as follows:
                                            request comment on whether the                          benefit futures industry consumer
                                            proposal, if adopted, would have an                     customers in better understanding a                     Authority: 12 U.S.C. 93a; 15 U.S.C. 6801 et
                                            impact or burden on competition.                        financial institution’s privacy policies,             seq.
                                            Commenters are requested to provide                     and may facilitate customers in                           2. Revise § 40.2 to read as follows:
                                            empirical data and other factual support                comparing the privacy policies of
                                            for their views if possible.                            financial institutions. The Commission                § 40.2   Model privacy form and examples.
                                                                                                    invites public comment on its                           (a) Model privacy form. Use of the
                                            NCUA: The Treasury and General                                                                                model privacy form in Appendix A of
                                            Government Appropriations Act, 1999—                    application of the cost-benefit provision.
                                                                                                    Commenters also are invited to submit                 this part, consistent with the
                                            Assessment of Federal Regulations and                                                                         instructions in Appendix A, constitutes
                                            Policies on Families                                    any data that they may have quantifying
                                                                                                    the costs and benefits of the proposed                compliance with the notice content
                                              The NCUA has determined that this                     rules with their comment letters.                     requirements of §§ 40.6 and 40.7 of this
                                            proposed rule would not affect family                                                                         part, although use of the model privacy
                                            well-being within the meaning of                        List of Subjects                                      form is not required.
                                            section 654 of the Treasury and General                 12 CFR Part 40                                          (b) Examples. The examples in this
                                            Government Appropriations Act, 1999,                                                                          part are not exclusive. Compliance with
                                                                                                      Banks, banking, Consumer protection,
                                            Pub. L. 105–277, 112 Stat. 2681 (1998).                                                                       an example, to the extent applicable,
                                                                                                    National banks, Privacy, Reporting and
                                            CFTC Cost-Benefit Analysis                                                                                    constitutes compliance with this part.
                                                                                                    recordkeeping requirements.
                                                                                                                                                            3. In § 40.6, revise paragraph (f) and
                                              Section 15 of the Commodity                           12 CFR Part 216                                       add paragraph (g) to read as follows:
                                            Exchange Act requires the CFTC to
                                                                                                      Banks, banking, Consumer protection,                § 40.6 Information to be included in
                                            consider the costs and benefits of its
                                                                                                    Foreign banking, Holding companies,                   privacy notices.
                                            action before issuing a new regulation
                                                                                                    Privacy, Reporting and recordkeeping                  *      *    *      *     *
                                            under the Act. The CFTC understands
                                                                                                    requirements.                                            (f) Model privacy form. Pursuant to
                                            that, by its terms, section 15 does not
                                            require the CFTC to quantify the costs                  12 CFR Part 332                                       § 40.2(a) of this part, a model privacy
                                            and benefits of a new regulation or to                    Banks, banking, Consumer protection,                form that meets the notice content
                                            determine whether the benefits of the                   Foreign banking, Privacy, Reporting and               requirements of this section is included
                                            proposed regulation outweigh its costs.                 recordkeeping requirements.                           in Appendix A of this part.
                                            Nor does it require that each proposed                                                                           (g) Sample clauses. Sample clauses
                                            rule be analyzed piecemeal or in                        12 CFR Part 573                                       illustrating some of the notice content
                                            isolation when that rule is a component                   Consumer protection, Privacy,                       required by this section are included in
                                            of a larger package of rules or rule                    Reporting and recordkeeping                           Appendix B of this part. Use of a sample
rwilkins on PROD1PC63 with PROPOSALS




                                            revisions. Rather, section 15 simply                    requirements, Savings associations.                   clause in a privacy notice provided on
                                            requires the CFTC to ‘‘consider the costs                                                                     or before [DATE ONE YEAR
                                            and benefits’’ of its action.                           12 CFR Part 716                                       FOLLOWING THE DATE OF
                                              Section 15 further specifies that costs                 Consumer protection, Credit unions,                 PUBLICATION OF THE FINAL RULE],
                                            and benefits shall be evaluated in light                Privacy, Reporting and recordkeeping                  to the extent applicable, constitutes
                                            of five broad areas of market and public                requirements.                                         compliance with this part.


                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00022   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                         14961

                                              4. In § 40.7, add paragraph (i) to read               form that meets the notice content                      6. Add new Appendix A to read as
                                            as follows:                                             requirements of this section is included              follows:
                                                                                                    in Appendix A of this part.
                                            § 40.7 Form of opt-out notice to                                                                              Appendix A to Part 40—Model Privacy Form
                                            consumers; opt-out methods.                             Appendix A [Redesignated as Appendix
                                                                                                                                                          A. The Model Privacy Form
                                            *     *     *      *     *                              B]
                                              (i) Model privacy form. Pursuant to                     5. Redesignate Appendix A as
                                            § 40.2(a) of this part, a model privacy                 Appendix B.
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                                     EP29MR07.006</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00023   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14962                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.007</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00024   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                              14963




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the Model Privacy Form Is Used                      (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                               The model form may be used, at the option            following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.
                                                                                                                                                          font and sufficient spacing between the lines
                                            of financial holding company affiliates that               (2) The key frame (Why?, What?, How?).
                                            use a common privacy notice, to meet the                   (3) The disclosure table (‘‘Reasons we can         of type.
                                            content requirements of the privacy notice              share your personal information’’).                     (b) Logo. A financial institution may
                                            and opt-out notice set forth in sections 40.6              (4) Contact information.                           include a corporate logo on any page of the
                                            and 40.7 of this part.                                     (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                               (Note that disclosure of certain                     the following components:                             the readability of the model form or the space
                                            information, such as assets, income, and                   (1) The title.                                     constraints of each page.
                                            information from a consumer reporting                      (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the          sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.                               of an 8.5 by 11 inch paper in portrait
                                            1681x] (FCRA), such as a requirement to                    (c) Page Three. The third page consists of
                                                                                                                                                          orientation.
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.
                                            to affiliates or designation as a consumer                                                                      (d) Color. The model form may be printed
                                                                                                    3. The Format of the Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to                                                                   on white or light color paper (such as cream)
                                            nonaffiliated third parties.)                              The model form is a standardized form,             with black or suitable contrasting color ink.
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                               The model form consists of two or three              information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.008</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00025   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14964                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes—information about transactions               offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A)(i) and (ii) of the FCRA.        to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p.3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any                 3. Page Two
                                            information, should be inserted as                      affiliates will also use this answer.
                                                                                                    Institutions that share for this reason may or           (a) General instructions for the Definitions.
                                            appropriate, wherever [toll-free telephone] or
                                                                                                    may not elect to provide an opt-out and must          The financial institution must customize the
                                            [web address] or [mailing address] appear.
                                                                                                    provide the corresponding answer in the               space below the last three definitions in this
                                            2. Page One                                             right column as described in paragraph                section (affiliates, nonafffiliates, and joint
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          marketing). This specific information must be
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          in italicized lettering to set off the
                                            personal information listed in the left column          purposes—information about                            information from the standardized
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           definitions.
                                            correlates to certain legal provisions                  the sharing of certain information with an               (b) Affiliates. As required by section
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          40.6(a)(3) of this part, the financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution must identify the categories of its
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          affiliates or state ‘‘[name of financial
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           institution] has no affiliates’’ in italicized
                                            with respect to the reason listed on the left.          that does not share for this reason must              lettering where [affiliate information]
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        appears. A financial institution that shares
                                            in the right column as to whether a consumer            An institution that does not have any                 with affiliates must use, as applicable, the
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 following format: ‘‘Our affiliates include
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          companies with a [name of financial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               institution] name; financial companies such
                                                                                                                                                          as [list companies]; and nonfinancial
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as
                                                                                                                                                          companies, such as [list companies].’’
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this
                                                                                                                                                             (c) Nonaffiliates. If the financial institution
                                            sharing for a particular reason in the middle           Instruction.
                                                                                                                                                          shares with nonaffiliated third parties
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This
                                                                                                                                                          outside the exceptions in sections 40.14 and
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared
                                                                                                                                                          40.15 of this part, the institution must
                                            ‘‘Yes (Check your choices, p.3)’’ if it does            among affiliates that is used by those
                                                                                                                                                          identify the types of nonaffiliated third
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by
                                                                                                                                                          parties with which it shares or state ‘‘[name
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the
                                                                                                                                                          of financial institution] does not share with
                                            institution must list all reasons for sharing,          effective date of the rules implementing              nonaffiliates so they can market to you.’’ in
                                            and complete the middle and right columns               section 624, institutions that elect to               italicized lettering where [nonaffiliate
                                            of the disclosure table.                                incorporate this provision into the model             information] appears. A financial institution
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          that shares with nonaffiliated third parties as
                                            legal provisions.                                       part must include this reason for sharing as          described here must use, as applicable, the
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        following format: ‘‘Nonaffiliates we share
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          with can include [list categories of companies
                                            information for everyday business purposes,             whose affiliates receive such information and         such as mortgage companies, insurance
                                            as contemplated by sections 40.14 and 40.15             use it for marketing must answer ‘‘Yes’’ in           companies, direct marketing companies, and
                                            of this part, the financial institution must            the middle column, and ‘‘Yes (Check your              nonprofit organizations].’’
                                            answer ‘‘Yes’’ to the sharing of such                   choices, p.3)’’ in the right column                      (d) Joint Marketing. As required by section
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-          40.13 of this part, the financial institution
                                            an opt-out.                                             out. Institutions whose affiliates receive such       must identify the types of financial
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           institutions with which it engages in joint
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            marketing or state ‘‘[name of financial
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            institution] doesn’t jointly market.’’ in
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            italicized lettering where [joint marketing]
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   appears. A financial institution that shares
                                            An institution that shares for this reason may          affiliates receive such information and do not        with joint marketing partners must use, as
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          applicable, the following format: ‘‘Our joint
                                            must provide the corresponding answer in                this provision. Institutions that do not have         marketing partners include [list categories of
                                            the right column as described in paragraph              affiliates and elect to include this provision        companies such as credit card companies].’’
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the           4. Page Three
                                            section 40.13 of this part.                             right column.                                            Opt-out form. Financial institutions must
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This       use page three only if they: (1) share or use
                                            companies. As contemplated by section                   provision applies to sharing under sections           information in a manner that triggers an opt-
                                            40.13 of this part, the financial institution           40.7 and 40.10(a) of this part. Financial             out; or (2) choose to provide an opt-out (as
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        disclosed in the table on page 1) in addition
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           to what is required by law. The model opt-
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               out form must be provided on a separate page
                                            in the right column. An institution that                Financial institutions that do share for this         of the model form.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00026   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                             14965

                                               (a) Contact us. The section describes three             (d) Additional opt-outs. A financial               instructions in Appendix A, constitutes
                                            common methods by which a consumer                      institution that uses the disclosure table to         compliance with the notice content
                                            exercises an opt-out—by telephone, on the               indicate any opt-out choices available to             requirements of §§ 216.6 and 216.7 of
                                            Web, and by mail. Financial institutions may            consumers beyond those required by Federal
                                            customize this section to provide for the
                                                                                                                                                          this part, although use of the model
                                                                                                    law must include those opt-outs on page
                                            particular opt-out methods and options the              three of the model form. For example, if the          privacy form is not required.
                                            institution provides. For example, if an                financial institution discloses in the table            (b) Examples. The examples in this
                                            institution offers opting out by telephone and          that it offers an opt-out for joint marketing,        part are not exclusive. Compliance with
                                            the Web but not by mail, it would provide               the institution must revise the opt-out form          an example, to the extent applicable,
                                            only telephone and Web information as                   on page three to reflect the availability of an       constitutes compliance with this part.
                                            shown in the model form in the ‘‘Contact Us’’           opt-out, such as by adding a check-off box              3. In § 216.6, revise paragraph (f) and
                                            box. Only institutions that allow more than             with the words ‘‘Do not share my personal
                                            30 days after providing the notice before                                                                     add paragraph (g) to read as follows:
                                                                                                    information with other financial institutions
                                            sharing information may change the number               to jointly market to me.’’ Likewise, if a             § 216.6 Information to be included in
                                            of days in the lower right hand section of the          financial institution chooses to offer its            privacy notices.
                                            box.                                                    customers an opt-out for its marketing, it can
                                               (b) Check your choices. Institutions must            provide for that option in the disclosure table       *      *     *     *     *
                                            display the applicable opt-out options in the           and on the opt-out form by adding a check-               (f) Model privacy form. Pursuant to
                                            ‘‘Check your choices’’ box shown on this                off box with the words ‘‘Do not share [or use]        § 216.2(a) of this part, a model privacy
                                            page. If an institution chooses not to offer an         my personal information to market to me.’’            form that meets the notice content
                                            opt-out by mail, it must delete the boxes for                                                                 requirements of this section is included
                                            name, address, account number, and mailing                7. Amend newly redesignated
                                                                                                    Appendix B by adding a new sentence                   in Appendix A of this part.
                                            directions in the lower right-hand corner of
                                            the model form. Financial institutions that             immediately after the heading:                           (g) Sample clauses. Sample clauses
                                            only offer one or two of the opt-out options                                                                  illustrating some of the notice content
                                            listed on the model form must list only those           Appendix B to Part 40—Sample Clauses                  required by this section are included in
                                            options from the model form that apply to                 This Appendix only applies to                       Appendix B of this part. Use of a sample
                                            their practices and correspond accurately to            privacy notices provided until the date               clause in a privacy notice provided on
                                            the disclosures on page one. Thus, if an                that is on or before one year following               or before [DATE ONE YEAR
                                            institution does not share in a manner that                                                                   FOLLOWING THE DATE OF
                                                                                                    the date of final publication of this rule.
                                            requires an opt-out for sharing with
                                            nonaffiliates, it must not include that opt-out         * * *                                                 PUBLICATION OF THE FINAL RULE],
                                            option on page three of the model form.                 *     *     *     *    *                              to the extent applicable, constitutes
                                            Institutions requiring information from                                                                       compliance with this part.
                                            consumers on the opt-out form other than an             Federal Reserve System                                   4. In § 216.7, add paragraph (i) to read
                                            account number should modify that                       12 CFR Chapter II                                     as follows:
                                            designation in the ‘‘Check your choices’’ box.
                                            Institutions that require customers with                Authority and Issuance                                § 216.7 Form of opt-out notice to
                                            multiple accounts to identify each account to             For the reasons set forth in the joint              consumers; opt-out methods.
                                            which the opt-out should apply should                   preamble, the Board proposes to amend                 *     *     *     *      *
                                            modify that portion of the model form.
                                                                                                    part 216 of chapter II of title 12 of the               (i) Model privacy form. Pursuant to
                                               (c) Section 624 opt-out. If the financial
                                            institution’s affiliates use information for            Code of Federal Regulations as follows:               § 216.2(a) of this part, a model privacy
                                            marketing pursuant to section 624 of the                                                                      form that meets the notice content
                                            FCRA, and the institution elects to                     PART 216—PRIVACY OF CONSUMER                          requirements of this section is included
                                            consolidate that opt-out notice in the model            FINANCIAL INFORMATION                                 in Appendix A of this part.
                                            form, it must include that disclosure and opt-          (REGULATION P)
                                            out election as shown in the model form.                                                                      Appendix A [Redesignated as Appendix
                                            Institutions that elect to limit the time for the         1. The authority citation for part 216              B]
                                            affiliate marketing opt-out, consistent with            continues to read as follows:
                                                                                                                                                            5. Redesignate Appendix A as
                                            the requirements of section 624, must adhere              Authority: 15 U.S.C. 6801 et seq.
                                            to the requirements of that section and the
                                                                                                                                                          Appendix B.
                                            Agencies’ implementing rule with respect to               2. Revise § 216.2 to read as follows:                 6. Add new Appendix A to read as
                                            any subsequent notice and opt-out.                                                                            follows:
                                                                                                    § 216.2   Model privacy form and examples.
                                            Institutions that elect to limit the opt-out                                                                  Appendix A to Part 216—Model Privacy
                                            period must include a statement in italics, as            (a) Model privacy form. Use of the
                                                                                                                                                          Form
                                            shown on the model form, that states the                model privacy form in Appendix A of
                                            period of time for which the opt-out applies.           this part, consistent with the                        A. The Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00027   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14966                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.009</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00028   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14967
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.010</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00029   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14968                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the Model Privacy Form Is Used                      (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                               The model form may be used, at the option            following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.                                     font and sufficient spacing between the lines
                                            of financial holding company affiliates that               (2) The key frame (Why?, What?, How?).
                                                                                                                                                          of type.
                                            use a common privacy notice, to meet the                   (3) The disclosure table (‘‘Reasons we can
                                            content requirements of the privacy notice              share your personal information’’).                     (b) Logo. A financial institution may
                                            and opt-out notice set forth in sections 216.6             (4) Contact information.                           include a corporate logo on any page of the
                                            and 216.7 of this part.                                    (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                               (Note that disclosure of certain                     the following components:                             the readability of the model form or the space
                                            information, such as assets, income, and                   (1) The title.                                     constraints of each page.
                                            information from a consumer reporting                      (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the          sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.                               of an 8.5 by 11 inch paper in portrait
                                            1681x] (FCRA), such as a requirement to                    (c) Page Three. The third page consists of         orientation.
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.                 (d) Color. The model form may be printed
                                            to affiliates or designation as a consumer
                                                                                                    3. The Format of the Model Privacy Form               on white or light color paper (such as cream)
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to
                                            nonaffiliated third parties.)                              The model form is a standardized form,             with black or suitable contrasting color ink.
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                               The model form consists of two or three              information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.011</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00030   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                 14969

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes—information about transactions               offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A)(i) and (ii) of the FCRA.        to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p. 3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any                 3. Page Two
                                            information, should be inserted as                      affiliates will also use this answer.
                                                                                                    Institutions that share for this reason may or           (a) General instructions for the Definitions.
                                            appropriate, wherever [toll-free telephone] or
                                                                                                    may not elect to provide an opt-out and must             The financial institution must customize
                                            [web address] or [mailing address] appear.
                                                                                                    provide the corresponding answer in the               the space below the last three definitions in
                                            2. Page One                                             right column as described in paragraph                this section (affiliates, nonafffiliates, and
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          joint marketing). This specific information
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          must be in italicized lettering to set off the
                                            personal information listed in the left column          purposes—information about                            information from the standardized
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           definitions.
                                            correlates to certain legal provisions                  the sharing of certain information with an               (b) Affiliates. As required by section
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          216.6(a)(3) of this part, the financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution must identify the categories of its
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          affiliates or state ‘‘[name of financial
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           institution] has no affiliates’’ in italicized
                                            with respect to the reason listed on the left.          that does not share for this reason must              lettering where [affiliate information]
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        appears. A financial institution that shares
                                            in the right column as to whether a consumer            An institution that does not have any                 with affiliates must use, as applicable, the
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 following format: ‘‘Our affiliates include
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          companies with a [name of financial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               institution] name; financial companies such
                                                                                                                                                          as [list companies]; and nonfinancial
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as
                                                                                                                                                          companies, such as [list companies].’’
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this
                                                                                                                                                             (c) Nonaffiliates. If the financial institution
                                            sharing for a particular reason in the middle           Instruction.
                                                                                                                                                          shares with nonaffiliated third parties
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This
                                                                                                                                                          outside the exceptions in sections 216.14 and
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared
                                                                                                                                                          216.15 of this part, the institution must
                                            ‘‘Yes (Check your choices, p. 3)’’ if it does           among affiliates that is used by those
                                                                                                                                                          identify the types of nonaffiliated third
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by
                                                                                                                                                          parties with which it shares or state ‘‘[name
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the
                                                                                                                                                          of financial institution] does not share with
                                            institution must list all reasons for sharing,          effective date of the rules implementing              nonaffiliates so they can market to you.’’ in
                                            and complete the middle and right columns               section 624, institutions that elect to               italicized lettering where [nonaffiliate
                                            of the disclosure table.                                incorporate this provision into the model             information] appears. A financial institution
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          that shares with nonaffiliated third parties as
                                            legal provisions.                                       part must include this reason for sharing as          described here must use, as applicable, the
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        following format: ‘‘Nonaffiliates we share
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          with can include [list categories of companies
                                            information for everyday business purposes,             whose affiliates receive such information and         such as mortgage companies, insurance
                                            as contemplated by sections 216.14 and                  use it for marketing must answer ‘‘Yes’’ in           companies, direct marketing companies, and
                                            216.15 of this part, the financial institution          the middle column, and ‘‘Yes (Check your              nonprofit organizations].’’
                                            must answer ‘‘Yes’’ to the sharing of such              choices, p. 3)’’ in the right column                     (d) Joint Marketing. As required by section
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-          216.13 of this part, the financial institution
                                            an opt-out.                                             out. Institutions whose affiliates receive such       must identify the types of financial
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           institutions with which it engages in joint
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            marketing or state ‘‘[name of financial
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            institution] doesn’t jointly market.’’ in
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            italicized lettering where [joint marketing]
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   appears. A financial institution that shares
                                            An institution that shares for this reason may          affiliates receive such information and do not        with joint marketing partners must use, as
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          applicable, the following format: ‘‘Our joint
                                            must provide the corresponding answer in                this provision. Institutions that do not have         marketing partners include [list categories of
                                            the right column as described in paragraph              affiliates and elect to include this provision        companies such as credit card companies].’’
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the           4. Page Three
                                            section 216.13 of this part.                            right column.                                            Opt-out form. Financial institutions must
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This       use page three only if they: (1) share or use
                                            companies. As contemplated by section                   provision applies to sharing under sections           information in a manner that triggers an opt-
                                            216.13 of this part, the financial institution          216.7 and 216.10(a) of this part. Financial           out; or (2) choose to provide an opt-out (as
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        disclosed in the table on page 1) in addition
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           to what is required by law. The model opt-
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               out form must be provided on a separate page
                                            in the right column. An institution that                Financial institutions that do share for this         of the model form.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00031   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14970                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                               (a) Contact us. The section describes three             (d) Additional opt-outs. A financial               this part, consistent with the
                                            common methods by which a consumer                      institution that uses the disclosure table to         instructions in Appendix A, constitutes
                                            exercises an opt-out—by telephone, on the               indicate any opt-out choices available to             compliance with the notice content
                                            Web, and by mail. Financial institutions may            consumers beyond those required by Federal
                                                                                                                                                          requirements of §§ 332.6 and 332.7 of
                                            customize this section to provide for the               law must include those opt-outs on page
                                            particular opt-out methods and options the              three of the model form. For example, if the          this part, although use of the model
                                            institution provides. For example, if an                financial institution discloses in the table          privacy form is not required.
                                            institution offers opting out by telephone and          that it offers an opt-out for joint marketing,          (b) Examples. The examples in this
                                            the Web but not by mail, it would provide               the institution must revise the opt-out form          part are not exclusive. Compliance with
                                            only telephone and Web information as                   on page three to reflect the availability of an       an example, to the extent applicable,
                                            shown in the model form in the ‘‘Contact Us’’           opt-out, such as by adding a check-off box            constitutes compliance with this part.
                                            box. Only institutions that allow more than             with the words ‘‘Do not share my personal               3. In § 332.6, revise paragraph (f) and
                                            30 days after providing the notice before               information with other financial institutions
                                                                                                    to jointly market to me.’’ Likewise, if a
                                                                                                                                                          add paragraph (g) to read as follows:
                                            sharing information may change the number
                                            of days in the lower right hand section of the          financial institution chooses to offer its            § 332.6 Information to be included in
                                            box.                                                    customers an opt-out for its marketing, it can        privacy notices.
                                               (b) Check your choices. Institutions must            provide for that option in the disclosure table
                                                                                                    and on the opt-out form by adding a check-            *      *     *    *      *
                                            display the applicable opt-out options in the
                                            ‘‘Check your choices’’ box shown on this                off box with the words ‘‘Do not share [or use]           (f) Model privacy form. Pursuant to
                                            page. If an institution chooses not to offer an         my personal information to market to me.’’            § 332.2(a) of this part, a model privacy
                                            opt-out by mail, it must delete the boxes for             7. Amend newly redesignated                         form that meets the notice content
                                            name, address, account number, and mailing              Appendix B by adding a new sentence                   requirements of this section is included
                                            directions in the lower right-hand corner of            immediately after the heading:                        in Appendix A of this part.
                                            the model form. Financial institutions that                                                                      (g) Sample clauses. Sample clauses
                                            only offer one or two of the opt-out options            Appendix B to Part 216—Sample                         illustrating some of the notice content
                                            listed on the model form must list only those           Clauses                                               required by this section are included in
                                            options from the model form that apply to                                                                     Appendix B of this part. Use of a sample
                                            their practices and correspond accurately to              This Appendix only applies to
                                            the disclosures on page one. Thus, if an                privacy notices provided until the date               clause in a privacy notice provided on
                                            institution does not share in a manner that             that is on or before one year following               or before [DATE ONE YEAR
                                            requires an opt-out for sharing with                    the date of final publication of this rule.           FOLLOWING THE DATE OF
                                            nonaffiliates, it must not include that opt-out         * * *                                                 PUBLICATION OF THE FINAL RULE],
                                            option on page three of the model form.                 *     *     *     *    *                              to the extent applicable, constitutes
                                            Institutions requiring information from                                                                       compliance with this part.
                                            consumers on the opt-out form other than an             Federal Deposit Insurance Corporation                    4. In § 332.7 add paragraph (i) to read
                                            account number should modify that                                                                             as follows:
                                            designation in the ‘‘Check your choices’’ box.          12 CFR Chapter III
                                            Institutions that require customers with                Authority and Issuance                                § 332.7 Form of opt-out notice to
                                            multiple accounts to identify each account to                                                                 consumers; opt-out methods.
                                            which the opt-out should apply should                     For the reasons set forth in the joint
                                                                                                    preamble, the Federal Deposit Insurance               *     *     *     *      *
                                            modify that portion of the model form.
                                               (c) Section 624 opt-out. If the financial            Corporation proposes to amend part 332                  (i) Model privacy form. Pursuant to
                                            institution’s affiliates use information for            of chapter III of title 12 of the Code of             § 332.2(a) of this part, a model privacy
                                            marketing pursuant to section 624 of the                Federal Regulations as follows:                       form that meets the notice content
                                            FCRA, and the institution elects to                                                                           requirements of this section is included
                                            consolidate that opt-out notice in the model            PART 332—PRIVACY OF CONSUMER                          in Appendix A of this part.
                                            form, it must include that disclosure and opt-          FINANCIAL INFORMATION
                                            out election as shown in the model form.                                                                      Appendix A [Redesignated as Appendix
                                            Institutions that elect to limit the time for the         1. The authority citation for part 332              B]
                                            affiliate marketing opt-out, consistent with            continues to read as follows:                           5. Redesignate Appendix A as
                                            the requirements of section 624, must adhere              Authority: 12 U.S.C. 1819 (Seventh and              Appendix B.
                                            to the requirements of that section and the             Tenth); 15 U.S.C. 6801 et seq.
                                            Agencies’ implementing rule with respect to
                                                                                                                                                            6. Add new Appendix A to read as
                                            any subsequent notice and opt-out.                        2. Revise § 332.2 to read as follows:               follows:
                                            Institutions that elect to limit the opt-out                                                                  Appendix A to Part 332—Model
                                            period must include a statement in italics, as          § 332.2   Model privacy form and examples.
                                                                                                     (a) Model privacy form. Use of the                   Privacy Form
                                            shown on the model form, that states the
                                            period of time for which the opt-out applies.           model privacy form in Appendix A of                   A. The Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00032   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14971
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.012</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00033   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14972                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.013</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00034   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                              14973




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the Model Privacy Form Is Used                      (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                               The model form may be used, at the option            following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.                                     font and sufficient spacing between the lines
                                            of financial holding company affiliates that               (2) The key frame (Why?, What?, How?).
                                            use a common privacy notice, to meet the                                                                      of type.
                                                                                                       (3) The disclosure table (‘‘Reasons we can
                                            content requirements of the privacy notice              share your personal information’’).                     (b) Logo. A financial institution may
                                            and opt-out notice set forth in sections 332.6             (4) Contact information.                           include a corporate logo on any page of the
                                            and 332.7 of this part.                                    (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                               (Note that disclosure of certain                     the following components:                             the readability of the model form or the space
                                            information, such as assets, income, and                   (1) The title.                                     constraints of each page.
                                            information from a consumer reporting                      (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the          sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.                               of an 8.5 by 11 inch paper in portrait
                                            1681x] (FCRA), such as a requirement to                    (c) Page Three. The third page consists of         orientation.
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.
                                                                                                                                                            (d) Color. The model form may be printed
                                            to affiliates or designation as a consumer
                                                                                                    3. The Format of the Model Privacy Form               on white or light color paper (such as cream)
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to
                                            nonaffiliated third parties.)                              The model form is a standardized form,             with black or suitable contrasting color ink.
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                               The model form consists of two or three              information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.014</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00035   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14974                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes—information about transactions               offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A)(i) and (ii) of the FCRA.        to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p. 3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any                 3. Page Two
                                            information, should be inserted as                      affiliates will also use this answer.
                                                                                                    Institutions that share for this reason may or           (a) General instructions for the Definitions.
                                            appropriate, wherever [toll-free telephone] or
                                                                                                    may not elect to provide an opt-out and must             The financial institution must customize
                                            [web address] or [mailing address] appear.
                                                                                                    provide the corresponding answer in the               the space below the last three definitions in
                                            2. Page One                                             right column as described in paragraph                this section (affiliates, nonaffiliates, and joint
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          marketing). This specific information must be
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          in italicized lettering to set off the
                                            personal information listed in the left column          purposes—information about                            information from the standardized
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           definitions.
                                            correlates to certain legal provisions                  the sharing of certain information with an               (b) Affiliates. As required by section
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          332.6(a)(3) of this part, the financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution must identify the categories of its
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          affiliates or state ‘‘[name of financial
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           institution] has no affiliates’’ in italicized
                                            with respect to the reason listed on the left.          that does not share for this reason must              lettering where [affiliate information]
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        appears. A financial institution that shares
                                            in the right column as to whether a consumer            An institution that does not have any                 with affiliates must use, as applicable, the
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 following format: ‘‘Our affiliates include
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          companies with a [name of financial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               institution] name; financial companies such
                                                                                                                                                          as [list companies]; and nonfinancial
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as
                                                                                                                                                          companies, such as [list companies].’’
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this
                                                                                                                                                             (c) Nonaffiliates. If the financial institution
                                            sharing for a particular reason in the middle           Instruction.
                                                                                                                                                          shares with nonaffiliated third parties
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This
                                                                                                                                                          outside the exceptions in sections 332.14 and
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared
                                                                                                                                                          332.15 of this part, the institution must
                                            ‘‘Yes (Check your choices, p. 3)’’ if it does           among affiliates that is used by those
                                                                                                                                                          identify the types of nonaffiliated third
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by
                                                                                                                                                          parties with which it shares or state ‘‘[name
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the
                                                                                                                                                          of financial institution] does not share with
                                            institution must list all reasons for sharing,          effective date of the rules implementing              nonaffiliates so they can market to you.’’ in
                                            and complete the middle and right columns               section 624, institutions that elect to               italicized lettering where [nonaffiliate
                                            of the disclosure table.                                incorporate this provision into the model             information] appears. A financial institution
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          that shares with nonaffiliated third parties as
                                            legal provisions.                                       part must include this reason for sharing as          described here must use, as applicable, the
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        following format: ‘‘Nonaffiliates we share
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          with can include [list categories of companies
                                            information for everyday business purposes,             whose affiliates receive such information and         such as mortgage companies, insurance
                                            as contemplated by sections 332.14 and                  use it for marketing must answer ‘‘Yes’’ in           companies, direct marketing companies, and
                                            332.15 of this part, the financial institution          the middle column, and ‘‘Yes (Check your              nonprofit organizations].’’
                                            must answer ‘‘Yes’’ to the sharing of such              choices, p. 3)’’ in the right column                     (d) Joint Marketing. As required by section
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-          332.13 of this part, the financial institution
                                            an opt-out.                                             out. Institutions whose affiliates receive such       must identify the types of financial
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           institutions with which it engages in joint
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            marketing or state ‘‘[name of financial
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            institution] doesn’t jointly market.’’ in
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            italicized lettering where [joint marketing]
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   appears. A financial institution that shares
                                            An institution that shares for this reason may          affiliates receive such information and do not        with joint marketing partners must use, as
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          applicable, the following format: ‘‘Our joint
                                            must provide the corresponding answer in                this provision. Institutions that do not have         marketing partners include [list categories of
                                            the right column as described in paragraph              affiliates and elect to include this provision        companies such as credit card companies].’’
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the           4. Page Three
                                            section 332.13 of this part.                            right column.                                            Opt-out form. Financial institutions must
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This       use page three only if they: (1) share or use
                                            companies. As contemplated by section                   provision applies to sharing under sections           information in a manner that triggers an opt-
                                            332.13 of this part, the financial institution          332.7 and 332.10(a) of this part. Financial           out; or (2) choose to provide an opt-out (as
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        disclosed in the table on page 1) in addition
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           to what is required by law. The model opt-
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               out form must be provided on a separate page
                                            in the right column. An institution that                Financial institutions that do share for this         of the model form.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00036   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                             14975

                                               (a) Contact us. The section describes three             (d) Additional opt-outs. A financial               this part, consistent with the
                                            common methods by which a consumer                      institution that uses the disclosure table to         instructions in Appendix A, constitutes
                                            exercises an opt-out—by telephone, on the               indicate any opt-out choices available to             compliance with the notice content
                                            Web, and by mail. Financial institutions may            consumers beyond those required by Federal
                                                                                                                                                          requirements of §§ 573.6 and 573.7 of
                                            customize this section to provide for the               law must include those opt-outs on page
                                            particular opt-out methods and options the              three of the model form. For example, if the          this part, although use of the model
                                            institution provides. For example, if an                financial institution discloses in the table          privacy form is not required.
                                            institution offers opting out by telephone and          that it offers an opt-out for joint marketing,          (b) Examples. The examples in this
                                            the Web but not by mail, it would provide               the institution must revise the opt-out form          part are not exclusive. Compliance with
                                            only telephone and Web information as                   on page three to reflect the availability of an       an example, to the extent applicable,
                                            shown in the model form in the ‘‘Contact Us’’           opt-out, such as by adding a check-off box            constitutes compliance with this part.
                                            box. Only institutions that allow more than             with the words ‘‘Do not share my personal               3. In § 573.6, revise paragraph (f) and
                                            30 days after providing the notice before               information with other financial institutions
                                                                                                    to jointly market to me.’’ Likewise, if a
                                                                                                                                                          add paragraph (g) to read as follows:
                                            sharing information may change the number
                                            of days in the lower right hand section of the          financial institution chooses to offer its            § 573.6 Information to be included in
                                            box.                                                    customers an opt-out for its marketing, it can        privacy notices.
                                               (b) Check your choices. Institutions must            provide for that option in the disclosure table
                                                                                                    and on the opt-out form by adding a check-            *      *     *     *     *
                                            display the applicable opt-out options in the
                                            ‘‘Check your choices’’ box shown on this                off box with the words ‘‘Do not share [or use]           (f) Model privacy form. Pursuant to
                                            page. If an institution chooses not to offer an         my personal information to market to me.’’            § 573.2(a) of this part, a model privacy
                                            opt-out by mail, it must delete the boxes for             7. Amend newly redesignated                         form that meets the notice content
                                            name, address, account number, and mailing              Appendix B by adding a new sentence                   requirements of this section is included
                                            directions in the lower right-hand corner of            immediately after the heading:                        in Appendix A of this part.
                                            the model form. Financial institutions that                                                                      (g) Sample clauses. Sample clauses
                                            only offer one or two of the opt-out options            Appendix B to Part 332—Sample                         illustrating some of the notice content
                                            listed on the model form must list only those           Clauses                                               required by this section are included in
                                            options from the model form that apply to                                                                     Appendix B of this part. Use of a sample
                                            their practices and correspond accurately to              This Appendix only applies to
                                            the disclosures on page one. Thus, if an                privacy notices provided until the date               clause in a privacy notice provided on
                                            institution does not share in a manner that             that is on or before one year following               or before [DATE ONE YEAR
                                            requires an opt-out for sharing with                    the date of final publication of this rule.           FOLLOWING THE DATE OF
                                            nonaffiliates, it must not include that opt-out         * * *                                                 PUBLICATION OF THE FINAL RULE],
                                            option on page three of the model form.                 *     *     *     *    *                              to the extent applicable, constitutes
                                            Institutions requiring information from                                                                       compliance with this part.
                                            consumers on the opt-out form other than an             Office of Thrift Supervision                             4. In § 573.7, add paragraph (i) to read
                                            account number should modify that                                                                             as follows:
                                            designation in the ‘‘Check your choices’’ box.          12 CFR Chapter V
                                            Institutions that require customers with                Authority and Issuance                                § 573.7 Form of opt-out notice to
                                            multiple accounts to identify each account to                                                                 consumers; opt-out methods.
                                            which the opt-out should apply should                     For the reasons set forth in the joint
                                                                                                    preamble, the Office of Thrift                        *     *     *     *      *
                                            modify that portion of the model form.
                                               (c) Section 624 opt-out. If the financial            Supervision proposes to amend part 573                  (i) Model privacy form. Pursuant to
                                            institution’s affiliates use information for            of Chapter V of title 12 of the Code of               § 573.2(a) of this part, a model privacy
                                            marketing pursuant to section 624 of the                Federal Regulations as follows:                       form that meets the notice content
                                            FCRA, and the institution elects to                                                                           requirements of this section is included
                                            consolidate that opt-out notice in the model            PART 573—PRIVACY OF CONSUMER                          in Appendix A of this part.
                                            form, it must include that disclosure and opt-          FINANCIAL INFORMATION
                                            out election as shown in the model form.                                                                      Appendix A [Redesignated as Appendix
                                            Institutions that elect to limit the time for the         1. The authority citation for part 573              B]
                                            affiliate marketing opt-out, consistent with            continues to read as follows:                           5. Redesignate Appendix A as
                                            the requirements of section 624, must adhere              Authority: 12 U.S.C. 1462a; 1463, 1464,             Appendix B.
                                            to the requirements of that section and the             1828; 15 U.S.C. 6801 et seq.
                                            Agencies’ implementing rule with respect to
                                                                                                                                                            6. Add new Appendix A to read as
                                            any subsequent notice and opt-out.                        2. Revise § 573.2 to read as follows:               follows:
                                            Institutions that elect to limit the opt-out                                                                  Appendix A to Part 573—Model
                                            period must include a statement in italics, as          § 573.2   Model privacy form and examples.
                                                                                                     (a) Model privacy form. Use of the                   Privacy Form
                                            shown on the model form, that states the
                                            period of time for which the opt-out applies.           model privacy form in Appendix A of                   A. The Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00037   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14976                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.015</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00038   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14977
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.016</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00039   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14978                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the Model Privacy Form Is Used                      (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                               The model form may be used, at the option            following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.                                     font and sufficient spacing between the lines
                                            of financial holding company affiliates that               (2) The key frame (Why?, What?, How?).
                                            use a common privacy notice, to meet the                                                                      of type.
                                                                                                       (3) The disclosure table (‘‘Reasons we can
                                            content requirements of the privacy notice              share your personal information’’).                     (b) Logo. A financial institution may
                                            and opt-out notice set forth in sections 573.6             (4) Contact information.                           include a corporate logo on any page of the
                                            and 573.7 of this part.                                    (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                               (Note that disclosure of certain                     the following components:                             the readability of the model form or the space
                                            information, such as assets, income, and                   (1) The title.                                     constraints of each page.
                                            information from a consumer reporting                      (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the          sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.                               of an 8.5 by 11 inch paper in portrait
                                            1681x] (FCRA), such as a requirement to                    (c) Page Three. The third page consists of         orientation.
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.
                                                                                                                                                            (d) Color. The model form may be printed
                                            to affiliates or designation as a consumer
                                                                                                    3. The Format of the Model Privacy Form               on white or light color paper (such as cream)
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to
                                            nonaffiliated third parties.)                              The model form is a standardized form,             with black or suitable contrasting color ink.
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                               The model form consists of two or three              information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.017</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00040   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                 14979

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes—information about transactions               offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A)(i) and (ii) of the FCRA.        to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p. 3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any                 3. Page Two
                                            information, should be inserted as                      affiliates will also use this answer.
                                                                                                    Institutions that share for this reason may or           (a) General instructions for the Definitions.
                                            appropriate, wherever [toll-free telephone] or
                                                                                                    may not elect to provide an opt-out and must             The financial institution must customize
                                            [web address] or [mailing address] appear.
                                                                                                    provide the corresponding answer in the               the space below the last three definitions in
                                            2. Page One                                             right column as described in paragraph                this section (affiliates, nonafffiliates, and
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          joint marketing). This specific information
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          must be in italicized lettering to set off the
                                            personal information listed in the left column          purposes—information about                            information from the standardized
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           definitions.
                                            correlates to certain legal provisions                  the sharing of certain information with an               (b) Affiliates. As required by section
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          573.6(a)(3) of this part, the financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution must identify the categories of its
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          affiliates or state ‘‘[name of financial
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           institution] has no affiliates’’ in italicized
                                            with respect to the reason listed on the left.          that does not share for this reason must              lettering where [affiliate information]
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        appears. A financial institution that shares
                                            in the right column as to whether a consumer            An institution that does not have any                 with affiliates must use, as applicable, the
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 following format: ‘‘Our affiliates include
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          companies with a [name of financial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               institution] name; financial companies such
                                                                                                                                                          as [list companies]; and nonfinancial
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as
                                                                                                                                                          companies, such as [list companies].’’
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this
                                                                                                                                                             (c) Nonaffiliates. If the financial institution
                                            sharing for a particular reason in the middle           Instruction.
                                                                                                                                                          shares with nonaffiliated third parties
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This
                                                                                                                                                          outside the exceptions in sections 573.14 and
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared
                                                                                                                                                          573.15 of this part, the institution must
                                            ‘‘Yes (Check your choices, p. 3)’’ if it does           among affiliates that is used by those
                                                                                                                                                          identify the types of nonaffiliated third
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by
                                                                                                                                                          parties with which it shares or state ‘‘[name
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the
                                                                                                                                                          of financial institution] does not share with
                                            institution must list all reasons for sharing,          effective date of the rules implementing              nonaffiliates so they can market to you.’’ in
                                            and complete the middle and right columns               section 624, institutions that elect to               italicized lettering where [nonaffiliate
                                            of the disclosure table.                                incorporate this provision into the model             information] appears. A financial institution
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          that shares with nonaffiliated third parties as
                                            legal provisions.                                       part must include this reason for sharing as          described here must use, as applicable, the
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        following format: ‘‘Nonaffiliates we share
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          with can include [list categories of companies
                                            information for everyday business purposes,             whose affiliates receive such information and         such as mortgage companies, insurance
                                            as contemplated by sections 573.14 and                  use it for marketing must answer ‘‘Yes’’ in           companies, direct marketing companies, and
                                            573.15 of this part, the financial institution          the middle column, and ‘‘Yes (Check your              nonprofit organizations].’’
                                            must answer ‘‘Yes’’ to the sharing of such              choices, p. 3)’’ in the right column                     (d) Joint Marketing. As required by section
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-          573.13 of this part, the financial institution
                                            an opt-out.                                             out. Institutions whose affiliates receive such       must identify the types of financial
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           institutions with which it engages in joint
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            marketing or state ‘‘[name of financial
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            institution] doesn’t jointly market.’’ in
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            italicized lettering where [joint marketing]
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   appears. A financial institution that shares
                                            An institution that shares for this reason may          affiliates receive such information and do not        with joint marketing partners must use, as
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          applicable, the following format: ‘‘Our joint
                                            must provide the corresponding answer in                this provision. Institutions that do not have         marketing partners include [list categories of
                                            the right column as described in paragraph              affiliates and elect to include this provision        companies such as credit card companies].’’
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the           4. Page Three
                                            section 573.13 of this part.                            right column.                                            Opt-out form. Financial institutions must
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This       use page three only if they: (1) share or use
                                            companies. As contemplated by section                   provision applies to sharing under sections           information in a manner that triggers an opt-
                                            573.13 of this part, the financial institution          573.7 and 573.10(a) of this part. Financial           out; or (2) choose to provide an opt-out (as
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        disclosed in the table on page 1) in addition
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           to what is required by law. The model opt-
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               out form must be provided on a separate page
                                            in the right column. An institution that                Financial institutions that do share for this         of the model form.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00041   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14980                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                               (a) Contact us. The section describes three             (d) Additional opt-outs. A financial               § 716.2    Model privacy form and examples.
                                            common methods by which a consumer                      institution that uses the disclosure table to            (a) Model privacy form. Use of the
                                            exercises an opt-out ‘‘ by telephone, on the            indicate any opt-out choices available to
                                            Web, and by mail. Financial institutions may
                                                                                                                                                          model privacy form in Appendix A of
                                                                                                    consumers beyond those required by Federal
                                            customize this section to provide for the                                                                     this part, consistent with the
                                                                                                    law must include those opt-outs on page
                                            particular opt-out methods and options the              three of the model form. For example, if the
                                                                                                                                                          instructions in Appendix A, constitutes
                                            institution provides. For example, if an                financial institution discloses in the table          compliance with the notice content
                                            institution offers opting out by telephone and          that it offers an opt-out for joint marketing,        requirements of §§ 716.6 and 716.7 of
                                            the Web but not by mail, it would provide                                                                     this part, although use of the model
                                                                                                    the institution must revise the opt-out form
                                            only telephone and Web information as                                                                         privacy form is not required.
                                                                                                    on page three to reflect the availability of an
                                            shown in the model form in the ‘‘Contact Us’’
                                                                                                    opt-out, such as by adding a check-off box               (b) Examples. The examples in this
                                            box. Only institutions that allow more than
                                            30 days after providing the notice before               with the words ‘‘Do not share my personal             part are not exclusive. Compliance with
                                            sharing information may change the number               information with other financial institutions         an example, to the extent applicable,
                                            of days in the lower right hand section of the          to jointly market to me.’’ Likewise, if a             constitutes compliance with this part.
                                            box.                                                    financial institution chooses to offer its               3. In § 716.6, add paragraphs (f) and
                                               (b) Check your choices. Institutions must            customers an opt-out for its marketing, it can        (g) to read as follows:
                                            display the applicable opt-out options in the           provide for that option in the disclosure table
                                            ‘‘Check your choices’’ box shown on this                and on the opt-out form by adding a check-            § 716.6 Information to be included in
                                            page. If an institution chooses not to offer an         off box with the words ‘‘Do not share [or use]        privacy notices.
                                            opt-out by mail, it must delete the boxes for           my personal information to market to me.’’            *      *     *    *      *
                                            name, address, account number, and mailing
                                                                                                      7. Amend newly redesignated                            (f) Model privacy form. Pursuant to
                                            directions in the lower right-hand corner of
                                            the model form. Financial institutions that             Appendix B by adding a new sentence                   § 716.2(a) of this part, a model privacy
                                            only offer one or two of the opt-out options            immediately after the heading:                        form that meets the notice content
                                            listed on the model form must list only those                                                                 requirements of this section is included
                                            options from the model form that apply to               Appendix B to Part 573—Sample                         in Appendix A of this part.
                                            their practices and correspond accurately to            Clauses                                                  (g) Sample clauses. Sample clauses
                                            the disclosures on page one. Thus, if an                                                                      illustrating some of the notice content
                                            institution does not share in a manner that               This Appendix only applies to                       required by this section are included in
                                            requires an opt-out for sharing with                    privacy notices provided until the date               Appendix B of this part. Use of a sample
                                            nonaffiliates, it must not include that opt-out         that is on or before one year following
                                            option on page three of the model form.                                                                       clause in a privacy notice provided on
                                                                                                    the date of final publication of this rule.           or before [DATE ONE YEAR
                                            Institutions requiring information from                 * * *
                                            consumers on the opt-out form other than an                                                                   FOLLOWING THE DATE OF
                                            account number should modify that                       *     *     *     *    *                              PUBLICATION OF THE FINAL RULE],
                                            designation in the ‘‘Check your choices’’ box.                                                                to the extent applicable, constitutes
                                                                                                    National Credit Union Administration
                                            Institutions that require customers with                                                                      compliance with this part.
                                            multiple accounts to identify each account to           12 CFR Chapter V                                         4. In § 716.7 add paragraph (i) to read
                                            which the opt-out should apply should
                                                                                                    Authority and Issuance                                as follows:
                                            modify that portion of the model form.
                                               (c) Section 624 opt-out. If the financial                                                                  § 716.7 Form of opt-out notice to
                                            institution’s affiliates use information for              For the reasons set forth in the joint
                                                                                                                                                          consumers; opt-out methods.
                                            marketing pursuant to section 624 of the                preamble, the National Credit Union
                                            FCRA, and the institution elects to                     Administration proposes to amend part                 *     *     *     *      *
                                            consolidate that opt-out notice in the model            716 of Chapter V of title 12 of the Code                (i) Model privacy form. Pursuant to
                                            form, it must include that disclosure and opt-          of Federal Regulations as follows:                    § 716.2(a) of this part, a model privacy
                                            out election as shown in the model form.                                                                      form that meets the notice content
                                            Institutions that elect to limit the time for the       PART 716—PRIVACY OF CONSUMER                          requirements of this section is included
                                            affiliate marketing opt-out, consistent with            FINANCIAL INFORMATION                                 in Appendix A of this part.
                                            the requirements of section 624, must adhere
                                            to the requirements of that section and the               1. The authority citation for part 716              Appendix A [Redesignated as
                                            Agencies’ implementing rule with respect to
                                                                                                    continues to read as follows:                         Appendix B]
                                            any subsequent notice and opt-out.
                                            Institutions that elect to limit the opt-out              Authority: 12 U.S.C. 1751 et seq.; 15 U.S.C.          5. Redesignate Appendix A as
                                            period must include a statement in italic, as           6801 et seq.                                          Appendix B.
                                            shown on the model form, that states the                                                                        6. Add new Appendix A to read as
                                            period of time for which the opt-out applies.             2. Revise § 716.2 to read as follows:               follows:
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00042   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM    29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14981

                                            Appendix A to Part 716—Model
                                            Privacy Form
                                            A. The Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.018</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00043   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14982                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.019</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00044   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                              14983




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the Model Privacy Form Is Used                      (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                              The model form may be used, at the option             following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.                                     font and sufficient spacing between the lines
                                            of affiliates that use a common privacy                    (2) The key frame (Why?, What?, How?).
                                                                                                       (3) The disclosure table (‘‘Reasons we can         of type.
                                            notice, to meet the content requirements of
                                                                                                    share your personal information’’).                     (b) Logo. A financial institution may
                                            the privacy notice and opt-out notice set
                                                                                                       (4) Contact information.                           include a corporate logo on any page of the
                                            forth in sections 716.6 and 716.7 of this part.
                                              (Note that disclosure of certain                         (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                            information, such as assets, income, and                the following components:                             the readability of the model form or the space
                                                                                                       (1) The title.                                     constraints of each page.
                                            information from a consumer reporting
                                                                                                       (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the
                                                                                                    sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.
                                            1681x] (FCRA), such as a requirement to                                                                       of an 8.5 by 11 inch paper in portrait
                                                                                                       (c) Page Three. The third page consists of
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.               orientation.
                                            to affiliates or designation as a consumer                                                                      (d) Color. The model form may be printed
                                                                                                    3. The Format of the Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to                                                                   on white or light color paper (such as cream)
                                            nonaffiliated third parties.)                              The model form is a standardized form,             with black or suitable contrasting color ink.
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                              The model form consists of two or three               information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.020</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00045   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14984                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes—information about transactions               offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A)(i) and (ii) of the FCRA.        to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p.3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any
                                                                                                    affiliates will also use this answer.                 3. Page Two
                                            information, should be inserted as
                                            appropriate, wherever [toll-free telephone] or          Institutions that share for this reason may or           (a) General instructions for the definitions.
                                            [web address] or [mailing address] appear.              may not elect to provide an opt-out and must             The financial institution must customize
                                                                                                    provide the corresponding answer in the               the space below the last three definitions in
                                            2. Page One                                             right column as described in paragraph                this section (affiliates, nonaffiliates, and joint
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          marketing). This specific information must be
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          in italicized lettering to set off the
                                            personal information listed in the left column          purposes—information about                            information from the standardized
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           definitions.
                                            correlates to certain legal provisions                  the sharing of certain information with an               (b) Affiliates. As required by section
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          716.6(a)(3) of this part, the financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution must identify the categories of its
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          affiliates or state ‘‘[name of financial
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           institution] has no affiliates’’ in italicized
                                            with respect to the reason listed on the left.          that does not share for this reason must              lettering where [affiliate information]
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        appears. A financial institution that shares
                                            in the right column as to whether a consumer            An institution that does not have any                 with affiliates must use, as applicable, the
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 following format: ‘‘Our affiliates include
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          companies with a [name of financial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               institution] name; financial companies such
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as             as [list companies]; and nonfinancial
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this                companies, such as [list companies].’’
                                            sharing for a particular reason in the middle           Instruction.                                             (c) Nonaffiliates. If the financial institution
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This      shares with nonaffiliated third parties
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared               outside the exceptions in sections 716.14 and
                                            ‘‘Yes (Check your choices, p. 3)’’ if it does           among affiliates that is used by those                716.15 of this part, the institution must
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by          identify the types of nonaffiliated third
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the                parties with which it shares or state ‘‘[name
                                            institution must list all reasons for sharing,          effective date of the rules implementing              of financial institution] does not share with
                                            and complete the middle and right columns               section 624, institutions that elect to               nonaffiliates so they can market to you.’’ in
                                            of the disclosure table.                                incorporate this provision into the model             italicized lettering where [nonaffiliate
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          information] appears. A financial institution
                                            legal provisions.                                       part must include this reason for sharing as          that shares with nonaffiliated third parties as
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        described here must use, as applicable, the
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          following format: ‘‘Nonaffiliates we share
                                            information for everyday business purposes,             whose affiliates receive such information and         with can include [list categories of companies
                                            as contemplated by sections 716.14 and                  use it for marketing must answer ‘‘Yes’’ in           such as mortgage companies, insurance
                                            716.15 of this part, the financial institution          the middle column, and ‘‘Yes (Check your              companies, direct marketing companies, and
                                            must answer ‘‘Yes’’ to the sharing of such              choices, p. 3)’’ in the right column                  nonprofit organizations].’’
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-             (d) Joint Marketing. As required by section
                                            an opt-out.                                             out. Institutions whose affiliates receive such       716.13 of this part, the financial institution
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           must identify the types of financial
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            institutions with which it engages in joint
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            marketing or state ‘‘[name of financial
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            institution] doesn’t jointly market.’’ in
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   italicized lettering where [joint marketing]
                                            An institution that shares for this reason may          affiliates receive such information and do not        appears. A financial institution that shares
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          with joint marketing partners must use, as
                                            must provide the corresponding answer in                this provision. Institutions that do not have         applicable, the following format: ‘‘Our joint
                                            the right column as described in paragraph              affiliates and elect to include this provision        marketing partners include [list categories of
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the             companies such as credit card companies].’’
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the
                                            section 716.13 of this part.                            right column.
                                                                                                                                                          4. Page Three
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This
                                            companies. As contemplated by section                   provision applies to sharing under sections              Opt-out form. Financial institutions must
                                            716.13 of this part, the financial institution          716.7 and 716.10(a) of this part. Financial           use page three only if they: (1) Share or use
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        information in a manner that triggers an opt-
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           out; or (2) choose to provide an opt-out (as
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               disclosed in the table on page 1) in addition
                                            in the right column. An institution that                Financial institutions that do share for this         to what is required by law. The model opt-



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00046   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                             14985

                                            out form must be provided on a separate page            consumers beyond those required by Federal              (b) Examples. The examples in this
                                            of the model form.                                      law must include those opt-outs on page               part are not exclusive. Compliance with
                                               (a) Contact us. The section describes three          three of the model form. For example, if the          an example, to the extent applicable,
                                            common methods by which a consumer                      financial institution discloses in the table
                                            exercises an opt-out—by telephone, on the
                                                                                                                                                          constitutes compliance with this part.
                                                                                                    that it offers an opt-out for joint marketing,
                                            Web, and by mail. Financial institutions may            the institution must revise the opt-out form            (c) Compliance. For non-federally
                                            customize this section to provide for the               on page three to reflect the availability of an       insured credit unions, compliance with
                                            particular opt-out methods and options the              opt-out, such as by adding a check-off box            an example contained in 12 CFR part
                                            institution provides. For example, if an                with the words ‘‘Do not share my personal             716, to the extent applicable, constitutes
                                            institution offers opting out by telephone and          information with other financial institutions         compliance with this part. For intrastate
                                            the Web but not by mail, it would provide               to jointly market to me.’’ Likewise, if a
                                            only telephone and Web information as                                                                         securities broker-dealers and investment
                                                                                                    financial institution chooses to offer its            advisors not registered with the
                                            shown in the model form in the ‘‘Contact Us’’           customers an opt-out for its marketing, it can
                                            box. Only institutions that allow more than             provide for that option in the disclosure table
                                                                                                                                                          Securities and Exchange Commission,
                                            30 days after providing the notice before               and on the opt-out form by adding a check-            compliance with an example contained
                                            sharing information may change the number               off box with the words ‘‘Do not share [or use]        in 17 CFR part 248, to the extent
                                            of days in the lower right hand section of the          my personal information to market to me.’’            applicable, constitutes compliance with
                                            box.                                                                                                          this part.
                                               (b) Check your choices. Institutions must              7. Amend newly redesignated
                                            display the applicable opt-out options in the           Appendix B by adding a new sentence                     3. In § 313.6, revise paragraph (f) and
                                            ‘‘Check your choices’’ box shown on this                immediately after the heading:                        add paragraph (g) to read as follows:
                                            page. If an institution chooses not to offer an
                                            opt-out by mail, it must delete the boxes for           Appendix B to Part 716—Sample                         § 313.6 Information to be included in
                                            name, address, account number, and mailing              Clauses                                               privacy notices.
                                            directions in the lower right-hand corner of
                                                                                                      This Appendix only applies to                       *      *     *    *      *
                                            the model form. Financial institutions that                                                                      (f) Model privacy form. Pursuant to
                                            only offer one or two of the opt-out options            privacy notices provided until the date
                                            listed on the model form must list only those           that is on or before one year following               § 313.2(a) of this part, a model privacy
                                            options from the model form that apply to               the date of final publication of this rule.           form that meets the notice content
                                            their practices and correspond accurately to            * * *                                                 requirements of this section is included
                                            the disclosures on page one. Thus, if an                *     *     *     *    *                              in Appendix A of this part.
                                            institution does not share in a manner that                                                                      (g) Sample clauses. Sample clauses
                                            requires an opt-out for sharing with                    Federal Trade Commission                              illustrating some of the notice content
                                            nonaffiliates, it must not include that opt-out
                                            option on page three of the model form.                 16 CFR Chapter I                                      required by this section are included in
                                            Institutions requiring information from                 Authority and Issuance                                Appendix B of this part. Use of a sample
                                            consumers on the opt-out form other than an                                                                   clause in a privacy notice provided on
                                            account number should modify that                         For the reasons set forth in the joint              or before [DATE ONE YEAR
                                            designation in the ‘‘Check your choices’’ box.          preamble, the Federal Trade                           FOLLOWING THE DATE OF
                                            Institutions that require customers with                Commission proposes to amend part                     PUBLICATION OF THE FINAL RULE],
                                            multiple accounts to identify each account to           313 of chapter I of title 16 of the Code              to the extent applicable, constitutes
                                            which the opt-out should apply should                   of Federal Regulations as follows:                    compliance with this part.
                                            modify that portion of the model form.
                                               (c) Section 624 opt-out. If the financial            PART 313—PRIVACY OF CONSUMER                             4. In § 313.7 add paragraph (i) to read
                                            institution’s affiliates use information for            FINANCIAL INFORMATION                                 as follows:
                                            marketing pursuant to section 624 of the
                                            FCRA, and the institution elects to                       1. The authority citation for part 313              § 313.7 Form of opt-out notice to
                                            consolidate that opt-out notice in the model                                                                  consumers; opt-out methods.
                                                                                                    continues to read as follows:
                                            form, it must include that disclosure and opt-                                                                *     *     *     *      *
                                            out election as shown in the model form.                  Authority: 15 U.S.C. 6801 et seq.
                                                                                                      2. Revise § 313.2 to read as follows:                 (i) Model privacy form. Pursuant to
                                            Institutions that elect to limit the time for the                                                             § 313.2(a) of this part, a model privacy
                                            affiliate marketing opt-out, consistent with
                                            the requirements of section 624, must adhere            § 313.2 Model privacy form and rules of               form that meets the notice content
                                            to the requirements of that section and the             construction.                                         requirements of this section is included
                                            Agencies’ implementing rule with respect to               (a) Model privacy form. Use of the                  in Appendix A of this part.
                                            any subsequent notice and opt-out.                      model privacy form in Appendix A of
                                            Institutions that elect to limit the opt-out
                                                                                                                                                          Appendix A [Redesignated as Appendix
                                                                                                    this part, consistent with the                        B]
                                            period must include a statement in italics, as
                                            shown on the model form, that states the
                                                                                                    instructions in Appendix A, constitutes
                                                                                                    compliance with the notice content                      5. Redesignate Appendix A as
                                            period of time for which the opt-out applies.
                                               (d) Additional opt-outs. A financial                 requirements of §§ 313.6 and 313.7 of                 Appendix B.
                                            institution that uses the disclosure table to           this part, although use of the model                    6. Add new Appendix A to read as
                                            indicate any opt-out choices available to               privacy form is not required.                         follows:
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00047   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14986                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            Appendix A to Part 313—Model
                                            Privacy Form
                                            A. The Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.021</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00048   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14987
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.022</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00049   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14988                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the model privacy form is used.                     (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                              The model form may be used, at the option             following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.                                     font and sufficient spacing between the lines
                                            of financial holding company affiliates that               (2) The key frame (Why?, What?, How?).             of type.
                                            use a common privacy notice, to meet the                   (3) The disclosure table (‘‘Reasons we can
                                            content requirements of the privacy notice                                                                      (b) Logo. A financial institution may
                                                                                                    share your personal information’’).
                                            and opt-out notice set forth in sections 313.6             (4) Contact information.                           include a corporate logo on any page of the
                                            and 313.7 of this part.                                    (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                              (Note that disclosure of certain                      the following components:                             the readability of the model form or the space
                                            information, such as assets, income, and                   (1) The title.                                     constraints of each page.
                                            information from a consumer reporting                      (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the          sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.                               of an 8.5 by 11 inch paper in portrait
                                            1681x] (FCRA), such as a requirement to                    (c) Page Three. The third page consists of         orientation.
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.                 (d) Color. The model form may be printed
                                            to affiliates or designation as a consumer                                                                    on white or light color paper (such as cream)
                                                                                                    3. The Format of the Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to
                                                                                                       The model form is a standardized form,             with black or suitable contrasting color ink.
                                            nonaffiliated third parties.)
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                               The model form consists of two or three              information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.023</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00050   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                 14989

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes—information about transactions               offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A)(i) and (ii) of the FCRA.        to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p. 3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any                    3. Page Two
                                            information, should be inserted as                      affiliates will also use this answer.                    (a) General instructions for the Definitions.
                                            appropriate, wherever [toll-free telephone] or          Institutions that share for this reason may or           The financial institution must customize
                                            [web address] or [mailing address] appear.              may not elect to provide an opt-out and must          the space below the last three definitions in
                                                                                                    provide the corresponding answer in the               this section (affiliates, nonafffiliates, and
                                            2. Page One                                             right column as described in paragraph                joint marketing). This specific information
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          must be in italicized lettering to set off the
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          information from the standardized
                                            personal information listed in the left column          purposes—information about                            definitions.
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to              (b) Affiliates. As required by section
                                            correlates to certain legal provisions                  the sharing of certain information with an            313.6(a)(3) of this part, the financial
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          institution must identify the categories of its
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            affiliates or state ‘‘[name of financial
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          institution] has no affiliates’’ in italicized
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           lettering where [affiliate information]
                                            with respect to the reason listed on the left.          that does not share for this reason must              appears. A financial institution that shares
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        with affiliates must use, as applicable, the
                                            in the right column as to whether a consumer            An institution that does not have any                 following format: ‘‘Our affiliates include
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 companies with a [name of financial
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          institution] name; financial companies such
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               as [list companies]; and nonfinancial
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as             companies, such as [list companies].’’
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this                   (c) Nonaffiliates. If the financial institution
                                            sharing for a particular reason in the middle           Instruction.                                          shares with nonaffiliated third parties
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This      outside the exceptions in sections 313.14 and
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared               313.15 of this part, the institution must
                                            ‘‘Yes (Check your choices, p. 3)’’ if it does           among affiliates that is used by those                identify the types of nonaffiliated third
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by          parties with which it shares or state ‘‘[name
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the                of financial institution] does not share with
                                            institution must list all reasons for sharing,          effective date of the rules implementing              nonaffiliates so they can market to you.’’ in
                                            and complete the middle and right columns               section 624, institutions that elect to               italicized lettering where [nonaffiliate
                                            of the disclosure table.                                incorporate this provision into the model             information] appears. A financial institution
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          that shares with nonaffiliated third parties as
                                            legal provisions.                                       part must include this reason for sharing as          described here must use, as applicable, the
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        following format: ‘‘Nonaffiliates we share
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          with can include [list categories of companies
                                            information for everyday business purposes,             whose affiliates receive such information and         such as mortgage companies, insurance
                                            as contemplated by sections 313.14 and                  use it for marketing must answer ‘‘Yes’’ in           companies, direct marketing companies, and
                                            313.15 of this part, the financial institution          the middle column, and ‘‘Yes (Check your              nonprofit organizations].’’
                                            must answer ‘‘Yes’’ to the sharing of such              choices, p. 3)’’ in the right column                     (d) Joint Marketing. As required by section
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-          313.13 of this part, the financial institution
                                            an opt-out.                                             out. Institutions whose affiliates receive such       must identify the types of financial
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           institutions with which it engages in joint
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            marketing or state ‘‘[name of financial
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            institution] doesn’t jointly market.’’ in
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            italicized lettering where [joint marketing]
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   appears. A financial institution that shares
                                            An institution that shares for this reason may          affiliates receive such information and do not        with joint marketing partners must use, as
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          applicable, the following format: ‘‘Our joint
                                            must provide the corresponding answer in                this provision. Institutions that do not have         marketing partners include [list categories of
                                            the right column as described in paragraph              affiliates and elect to include this provision        companies such as credit card companies].’’
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the           4. Page Three
                                            section 313.13 of this part.                            right column.                                            Opt-out form. Financial institutions must
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This       use page three only if they: (1) share or use
                                            companies. As contemplated by section                   provision applies to sharing under sections           information in a manner that triggers an opt-
                                            313.13 of this part, the financial institution          313.7 and 313.10(a) of this part. Financial           out; or (2) choose to provide an opt-out (as
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        disclosed in the table on page 1) in addition
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           to what is required by law. The model opt-
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               out form must be provided on a separate page
                                            in the right column. An institution that                Financial institutions that do share for this         of the model form.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00051   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14990                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                               (a) Contact us. The section describes three          that it offers an opt-out for joint marketing,          (1) Any person or entity otherwise
                                            common methods by which a consumer                      the institution must revise the opt-out form          subject to this part that is subject to and
                                            exercises an opt-out—by telephone, on the               on page three to reflect the availability of an       in compliance with the Securities and
                                            Web, and by mail. Financial institutions may            opt-out, such as by adding a check-off box            Exchange Commission Regulation S–P,
                                            customize this section to provide for the               with the words ‘‘Do not share my personal
                                                                                                                                                          17 CFR part 248, will be deemed to be
                                            particular opt-out methods and options the              information with other financial institutions
                                            institution provides. For example, if an                to jointly market to me.’’ Likewise, if a             in compliance with this part.
                                            institution offers opting out by telephone and          financial institution chooses to offer its              (2) Any commodity trading advisor
                                            the Web but not by mail, it would provide               customers an opt-out for its marketing, it can        otherwise subject to this part that is
                                            only telephone and Web information as                   provide for that option in the disclosure table       registered or required to be registered as
                                            shown in the model form in the ‘‘Contact Us’’           and on the opt-out form by adding a check-            an investment adviser in the state in
                                            box. Only institutions that allow more than             off box with the words ‘‘Do not share [or use]        which it maintains its principal office
                                            30 days after providing the notice before               my personal information to market to me.’’            and place of business as defined in
                                            sharing information may change the number
                                                                                                      7. Amend newly redesignated                         § 275.203A–3 of this title, and that is
                                            of days in the lower right hand section of the
                                            box.                                                    Appendix B by adding a new sentence                   subject to and in compliance with 16
                                               (b) Check your choices. Institutions must            immediately after the heading:                        CFR part 313, will be deemed to be in
                                            display the applicable opt-out options in the                                                                 compliance with this part.
                                                                                                    Appendix B to Part 313–Sample
                                            ‘‘Check your choices’’ box shown on this
                                                                                                    Clauses                                                 3. In § 160.6, revise paragraph (f) and
                                            page. If an institution chooses not to offer an                                                               add paragraph (g) to read as follows:
                                            opt-out by mail, it must delete the boxes for             This Appendix only applies to
                                            name, address, account number, and mailing              privacy notices provided until the date               § 160.6 Information to be included in
                                            directions in the lower right-hand corner of            that is on or before one year following               privacy notices.
                                            the model form. Financial institutions that             the date of final publication of this rule.           *      *     *    *      *
                                            only offer one or two of the opt-out options            * * *                                                    (f) Model privacy form. Pursuant to
                                            listed on the model form must list only those
                                            options from the model form that apply to               *     *     *     *    *                              § 160.2(a) of this part, a model privacy
                                            their practices and correspond accurately to                                                                  form that meets the notice content
                                                                                                    Commodity Futures Trading                             requirements of this section is included
                                            the disclosures on page one. Thus, if an                Commission
                                            institution does not share in a manner that                                                                   in Appendix A of this part.
                                            requires an opt-out for sharing with                    17 CFR Chapter I                                         (g) Sample clauses. Sample clauses
                                            nonaffiliates, it must not include that opt-out                                                               illustrating some of the notice content
                                                                                                    Authority and Issuance
                                            option on page three of the model form.                                                                       required by this section are included in
                                            Institutions requiring information from                   For the reasons set forth in the joint              Appendix B of this part. Use of a sample
                                            consumers on the opt-out form other than an             preamble, the Commodity Futures                       clause in a privacy notice provided on
                                            account number should modify that                       Trading Commission proposes to amend                  or before [DATE ONE YEAR
                                            designation in the ‘‘Check your choices’’ box.          part 160 of chapter I of title 17 of the
                                            Institutions that require customers with                                                                      FOLLOWING THE DATE OF
                                                                                                    Code of Federal Regulations as follows:               PUBLICATION OF THE FINAL RULE],
                                            multiple accounts to identify each account to
                                            which the opt-out should apply should                   PART 160—PRIVACY OF CONSUMER                          to the extent applicable, constitutes
                                            modify that portion of the model form.                  FINANCIAL INFORMATION                                 compliance with this part.
                                               (c) Section 624 opt-out. If the financial                                                                     4. In § 160.7 add paragraph (i) to read
                                            institution’s affiliates use information for              1. The authority citation for part 160              as follows:
                                            marketing pursuant to section 624 of the                continues to read as follows:
                                            FCRA, and the institution elects to                                                                           § 160.7 Form of opt-out notice to
                                                                                                      Authority: 7 U.S.C. 7b–2 and 12a(5); 15             consumers; opt-out methods.
                                            consolidate that opt-out notice in the model
                                                                                                    U.S.C. 6801 et seq.
                                            form, it must include that disclosure and opt-                                                                *     *     *     *      *
                                            out election as shown in the model form.                  2. Revise § 160.2 to read as follows:
                                            Institutions that elect to limit the time for the
                                                                                                                                                            (i) Model privacy form. Pursuant to
                                            affiliate marketing opt-out, consistent with            § 160.2 Model privacy form and rules of               § 160.2(a) of this part, a model privacy
                                            the requirements of section 624, must adhere            construction.                                         form that meets the notice content
                                            to the requirements of that section and the               (a) Model privacy form. Use of the                  requirements of this section is included
                                            Agencies’ implementing rule with respect to             model privacy form in Appendix A of                   in Appendix A of this part.
                                            any subsequent notice and opt-out.                      this part, consistent with the                        Appendix A [Redesignated as Appendix
                                            Institutions that elect to limit the opt-out            instructions in Appendix A, constitutes
                                            period must include a statement in italics, as                                                                B]
                                                                                                    compliance with the notice content
                                            shown on the model form, that states the                                                                        5. Redesignate Appendix A as
                                                                                                    requirements of §§ 160.6 and 160.7 of
                                            period of time for which the opt-out applies.                                                                 Appendix B.
                                               (d) Additional opt-outs. A financial
                                                                                                    this part, although use of the model
                                            institution that uses the disclosure table to           privacy form is not required.                           6. Add new Appendix A to read as
                                            indicate any opt-out choices available to                 (b) Examples. The examples in this                  follows:
                                            consumers beyond those required by Federal              part are not exclusive. Compliance with
                                                                                                    an example, to the extent applicable,                 Appendix A to Part 160—Model
                                            law must include those opt-outs on page
                                                                                                    constitutes compliance with this part.                Privacy Form
                                            three of the model form. For example, if the
                                            financial institution discloses in the table              (c) Substituted compliance.                         A. The Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:33 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00052   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14991
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.024</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00053   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14992                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                            EP29MR07.025</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00054   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                              14993




                                            B. General Instructions                                 it to provide a third page with opt-out                 (a) Easily readable type font. Financial
                                                                                                    information.                                          institutions that use the model form must use
                                            1. How the Model Privacy Form Is Used                      (a) Page One. The first page consists of the       an easily readable type font. Easily readable
                                              The model form may be used, at the option             following components:                                 type font includes a minimum of 10-point
                                            of a financial institution, including a group              (1) The title.                                     font and sufficient spacing between the lines
                                            of financial holding company affiliates that               (2) The key frame (Why?, What?, How?).             of type.
                                            use a common privacy notice, to meet the                   (3) The disclosure table (‘‘Reasons we can
                                            content requirements of the privacy notice                                                                      (b) Logo. A financial institution may
                                                                                                    share your personal information’’).
                                            and opt-out notice set forth in sections 160.6             (4) Contact information.                           include a corporate logo on any page of the
                                            and 160.7 of this part.                                    (b) Page Two. The second page consists of          notice, so long as it does not interfere with
                                              (Note that disclosure of certain                      the following components:                             the readability of the model form or the space
                                            information, such as assets, income, and                   (1) The title.                                     constraints of each page.
                                            information from a consumer reporting                      (2) The Frequently Asked Questions on                (c) Page size and orientation. Each page of
                                            agency, may give rise to obligations under the          sharing practices.                                    the model form must be printed on one side
                                            Fair Credit Reporting Act [15 U.S.C. 1681–                 (3) The definitions.                               of an 8.5 by 11 inch paper in portrait
                                            1681x] (FCRA), such as a requirement to                    (c) Page Three. The third page consists of         orientation.
                                            permit a consumer to opt out of disclosures             a financial institution’s opt-out form.                 (d) Color. The model form may be printed
                                            to affiliates or designation as a consumer                                                                    on white or light color paper (such as cream)
                                                                                                    3. The Format of the Model Privacy Form
rwilkins on PROD1PC63 with PROPOSALS




                                            reporting agency if disclosures are made to
                                                                                                       The model form is a standardized form,             with black or suitable contrasting color ink.
                                            nonaffiliated third parties.)
                                                                                                    including page layout, page content, format,          Spot color may be used to achieve visual
                                            2. The Contents of the Model Privacy Form               style, pagination, and shading. No other              interest, so long as the color contrast is
                                               The model form consists of two or three              information may be included in the model              distinctive and the color does not detract
                                            pages, depending on whether a financial                 form, and the model form may be modified              from the readability of the model form.
                                                                                                                                                                                                           EP29MR07.026</GPH>




                                            institution shares in a manner that requires            only as described below.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00055   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14994                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            C. Information Required in the Model                    shares for this reason may or may not elect           reason must answer ‘‘Yes’’ in the middle
                                            Privacy Form                                            to provide an opt-out and must provide the            column and ‘‘Yes (check your choices, p. 3)’’
                                              The model form is a standardized form,                corresponding answer in the right column as           corresponding to the availability of an opt-
                                            and institutions seeking to obtain the safe             described in paragraph C.2.(a) of this                out.
                                            harbor through use of the model form may                Instruction.                                             (8) Additional opt-outs. A financial
                                            modify the form only as described below:                   (4) For our affiliates’ everyday business          institution may customize the model form to
                                                                                                    purposes ‘‘ information about transactions            offer opt-outs beyond those required under
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            Federal law, so long as the additional
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                information falls within the space constraints
                                               Include the name of the financial                    institution’s affiliates, as contemplated by          of the model form. If the institution chooses
                                            institution or group of affiliated institutions         sections 603(d)(2)(A) (i) and (ii) of the FCRA.       to offer its customers an opt-out for its own
                                            providing the notice on the form wherever               The financial institution must answer ‘‘Yes’’         marketing or for joint marketing, for example,
                                            [name of financial institution] appears.                or ‘‘No’’ in the middle column. An institution        it can provide for that option by stating: ‘‘Yes
                                            Contact information, such as the institution’s          that does not share for this reason must              (Check your choices, p.3)’’ as to the
                                            toll-free telephone number, Web address, or             answer ‘‘We don’t share’’ in the right column.        availability of the opt-out.
                                            mailing address, or other contact                       An institution that does not have any                 3. Page Two
                                            information, should be inserted as                      affiliates will also use this answer.
                                                                                                    Institutions that share for this reason may or           (a) General instructions for the Definitions.
                                            appropriate, wherever [toll-free telephone] or
                                                                                                    may not elect to provide an opt-out and must             The financial institution must customize
                                            [web address] or [mailing address] appear.
                                                                                                    provide the corresponding answer in the               the space below the last three definitions in
                                            2. Page One                                             right column as described in paragraph                this section (affiliates, nonafffiliates, and
                                               (a) General instructions for the disclosure          C.2.(a) of this Instruction.                          joint marketing). This specific information
                                            table. There are reasons for sharing or using              (5) For our affiliates’ everyday business          must be in italicized lettering to set off the
                                            personal information listed in the left column          purposes ‘‘ information about                         information from the standardized
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           definitions.
                                            correlates to certain legal provisions                  the sharing of certain information with an               (b) Affiliates. As required by section
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          160.6(a)(3) of this part, the financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution must identify the categories of its
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          affiliates or state ‘‘[name of financial
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           institution] has no affiliates’’ in italicized
                                            with respect to the reason listed on the left.          that does not share for this reason must              lettering where [affiliate information]
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        appears. A financial institution that shares
                                            in the right column as to whether a consumer            An institution that does not have any                 with affiliates must use, as applicable, the
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 following format: ‘‘Our affiliates include
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          companies with a [name of financial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               institution] name; financial companies such
                                                                                                                                                          as [list companies]; and nonfinancial
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as
                                                                                                                                                          companies, such as [list companies].’’
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this
                                                                                                                                                             (c) Nonaffiliates. If the financial institution
                                            sharing for a particular reason in the middle           Instruction.
                                                                                                                                                          shares with nonaffiliated third parties
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This
                                                                                                                                                          outside the exceptions in sections 160.14 and
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared
                                                                                                                                                          160.15 of this part, the institution must
                                            ‘‘Yes (Check your choices, p.3)’’ if it does            among affiliates that is used by those
                                                                                                                                                          identify the types of nonaffiliated third
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by
                                                                                                                                                          parties with which it shares or state ‘‘[name
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the
                                                                                                                                                          of financial institution] does not share with
                                            institution must list all reasons for sharing,          effective date of the rules implementing              nonaffiliates so they can market to you.’’ in
                                            and complete the middle and right columns               section 624, institutions that elect to               italicized lettering where [nonaffiliate
                                            of the disclosure table.                                incorporate this provision into the model             information] appears. A financial institution
                                               (b) Specific disclosures and corresponding           form to satisfy their obligations under this          that shares with nonaffiliated third parties as
                                            legal provisions.                                       part must include this reason for sharing as          described here must use, as applicable, the
                                               (1) For our everyday business purposes.              set forth in the model form in order to obtain        following format: ‘‘Nonaffiliates we share
                                            Because all financial institutions share                the benefit of the safe harbor. Institutions          with can include [list categories of companies
                                            information for everyday business purposes,             whose affiliates receive such information and         such as mortgage companies, insurance
                                            as contemplated by sections 160.14 and                  use it for marketing must answer ‘‘Yes’’ in           companies, direct marketing companies, and
                                            160.15 of this part, the financial institution          the middle column, and ‘‘Yes (Check your              nonprofit organizations].’’
                                            must answer ‘‘Yes’’ to the sharing of such              choices, p.3)’’ in the right column                      (d) Joint Marketing. As required by section
                                            information and ‘‘No’’ to the availability of           corresponding to the availability of an opt-          160.13 of this part, the financial institution
                                            an opt-out.                                             out. Institutions whose affiliates receive such       must identify the types of financial
                                               (2) For our marketing purposes. The                  information and do not use it for marketing           institutions with which it engages in joint
                                            financial institution must answer ‘‘Yes’’ or            may elect to include this provision in the            marketing or state ‘‘[name of financial
                                            ‘‘No’’ in the middle column. An institution             model form and answer ‘‘No’’ in the middle            institution] doesn’t jointly market.’’ in
                                            that does not share for this reason must                column and ‘‘We don’t share’’ in the right            italicized lettering where [joint marketing]
                                            answer ‘‘We don’t share’’ in the right column.          column; however, institutions whose                   appears. A financial institution that shares
                                            An institution that shares for this reason may          affiliates receive such information and do not        with joint marketing partners must use, as
                                            or may not elect to provide an opt-out and              use it for marketing are not required to use          applicable, the following format: ‘‘Our joint
                                            must provide the corresponding answer in                this provision. Institutions that do not have         marketing partners include [list categories of
                                            the right column as described in paragraph              affiliates and elect to include this provision        companies such as credit card companies].’’
                                            C.2.(a) of this Instruction. This provision             in their notice will answer ‘‘No’’ in the
                                            includes service providers contemplated by              middle column and ‘‘We don’t share’’ in the           4. Page Three
                                            section 160.13 of this part.                            right column.                                            Opt-out form. Financial institutions must
rwilkins on PROD1PC63 with PROPOSALS




                                               (3) For joint marketing with other financial            (7) For nonaffiliates to market to you. This       use page three only if they: (1) Share or use
                                            companies. As contemplated by section                   provision applies to sharing under sections           information in a manner that triggers an opt-
                                            160.13 of this part, the financial institution          160.7 and 160.10(a) of this part. Financial           out; or (2) choose to provide an opt-out (as
                                            must answer ‘‘Yes’’ or ‘‘No’’ in the middle             institutions that do not share for this reason        disclosed in the table on page 1) in addition
                                            column. An institution that does not share              must answer ‘‘No’’ in the middle column and           to what is required by law. The model opt-
                                            for this reason must answer ‘‘We don’t share’’          ‘‘We don’t share’’ in the right column.               out form must be provided on a separate page
                                            in the right column. An institution that                Financial institutions that do share for this         of the model form.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00056   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                               14995

                                               (a) Contact us. The section describes three          off box with the words ‘‘Do not share [or use]        merchant or introducing broker (as
                                            common methods by which a consumer                      my personal information to market to me.’’            those terms are defined in the
                                            exercises an opt-out—by telephone, on the                                                                     Commodity Exchange Act (7 U.S.C. 1, et
                                                                                                      7. Amend newly redesignated
                                            Web, and by mail. Financial institutions may
                                                                                                    Appendix B by adding a new sentence                   seq.)) registered by notice with the
                                            customize this section to provide for the
                                            particular opt-out methods and options the              immediately after the heading:                        Commission for the purpose of
                                            institution provides. For example, if an                                                                      conducting business in security futures
                                                                                                    Appendix B to Part 160—Sample                         products pursuant to section
                                            institution offers opting out by telephone and
                                            the Web but not by mail, it would provide
                                                                                                    Clauses                                               15(b)(11)(A) of the Securities Exchange
                                            only telephone and Web information as                     This Appendix only applies to                       Act of 1934 (15 U.S.C. 78o(b)(11)(A))
                                            shown in the model form in the ‘‘Contact Us’’           privacy notices provided until the date               that is subject to and in compliance
                                            box. Only institutions that allow more than             that is on or before one year following               with the financial privacy rules of the
                                            30 days after providing the notice before               the date of final publication of this rule.           Commodity Futures Trading
                                            sharing information may change the number
                                                                                                    * * *                                                 Commission (17 CFR part 160) will be
                                            of days in the lower right hand section of the
                                            box.                                                    *     *     *     *    *                              deemed to be in compliance with this
                                               (b) Check your choices. Institutions must                                                                  part.
                                                                                                    Securities and Exchange Commission
                                            display the applicable opt-out options in the                                                                 *     *      *    *     *
                                            ‘‘Check your choices’’ box shown on this                Statutory Authority                                     3. Amend § 248.6 by revising
                                            page. If an institution chooses not to offer an                                                               paragraph (f) and adding paragraph (g)
                                            opt-out by mail, it must delete the boxes for
                                                                                                      The Commission is proposing to
                                            name, address, account number, and mailing              amend Regulation S–P pursuant to                      to read as follows:
                                            directions in the lower right-hand corner of            authority set forth in section 728 of the
                                                                                                                                                          § 248.6 Information to be included in
                                            the model form. Financial institutions that             Regulatory Relief Act [Pub. L. 109–351],              privacy notices.
                                            only offer one or two of the opt-out options            section 504 of the GLB Act [15 U.S.C.
                                            listed on the model form must list only those           6804], section 23 of the Securities                   *      *    *     *    *
                                            options from the model form that apply to               Exchange Act [15 U.S.C. 78w], section                    (f) Model Form S–P. Pursuant to
                                            their practices and correspond accurately to            38(a) of the Investment Company Act                   § 248.2(a) and Appendix A of this part,
                                            the disclosures on page one. Thus, if an                [15 U.S.C. 80a–37(a)], and section 211 of             Form S–P meets the notice content
                                            institution does not share in a manner that
                                                                                                    the Investment Advisers Act [15 U.S.C.                requirements of this section.
                                            requires an opt-out for sharing with                                                                             (g) Sample clauses. Sample clauses
                                            nonaffiliates, it must not include that opt-out         80b–11].
                                                                                                                                                          illustrating some of the notice content
                                            option on page three of the model form.                 Text of Proposed Amendments                           required by this section are included in
                                            Institutions requiring information from
                                                                                                      For the reasons set forth in the                    Appendix B of this part. The sample
                                            consumers on the opt-out form other than an
                                            account number should modify that                       preamble, the Commission proposes to                  clauses in Appendix B of this part
                                            designation in the ‘‘Check your choices’’ box.          amend Title 17, Chapter II of the Code                provide guidance concerning the rule’s
                                            Institutions that require customers with                of Federal Regulations as follows:                    application in ordinary circumstances
                                            multiple accounts to identify each account to                                                                 in a privacy notice provided on or
                                            which the opt-out should apply should                   PART 248—REGULATION S–P:                              before [ONE YEAR FOLLOWING THE
                                            modify that portion of the model form.                  PRIVACY OF CONSUMER FINANCIAL                         DATE OF PUBLICATION OF THE
                                               (c) Section 624 opt-out. If the financial            INFORMATION                                           FINAL RULE]. The facts and
                                            institution’s affiliates use information for                                                                  circumstances of each individual
                                            marketing pursuant to section 624 of the                  1. Revise the authority citation for
                                                                                                                                                          situation, however, will determine
                                            FCRA, and the institution elects to                     part 248 to read as follows:
                                            consolidate that opt-out notice in the model                                                                  whether compliance with a sample
                                                                                                      Authority: 15 U.S.C. 78q; 78w; 78mm; 80a–           clause constitutes compliance with this
                                            form, it must include that disclosure and opt-
                                                                                                    30(a); 80a–37; 80b–4; 80b–11; 1681w; and              part.
                                            out election as shown in the model form.
                                                                                                    6801–6809.                                               4. Amend § 248.7 by adding
                                            Institutions that elect to limit the time for the
                                            affiliate marketing opt-out, consistent with              2. Revise § 248.2 to read as follows:               paragraph (i) to read as follows:
                                            the requirements of section 624, must adhere
                                            to the requirements of that section and the             § 248.2 Model privacy form; rule of                   § 248.7 Form of opt-out notice to
                                            Agencies’ implementing rule with respect to             construction.                                         consumers; opt-out methods.
                                            any subsequent notice and opt-out.                         (a) Model privacy form. Use of Form                *     *     *   *     *
                                            Institutions that elect to limit the opt-out            S–P (see Appendix A of this part),                      (i) Model Form S–P. Pursuant to
                                            period must include a statement in italics, as          consistent with the instructions to the               § 248.2(a) and Appendix A of this part,
                                            shown on the model form, that states the                form, constitutes compliance with the                 Form S–P meets the notice content
                                            period of time for which the opt-out applies.           notice content requirements of §§ 248.6               requirements of this section.
                                               (d) Additional opt-outs. A financial
                                            institution that uses the disclosure table to
                                                                                                    and 248.7 of this part, although use of
                                                                                                    Form S–P is not required.                             Appendix A [Redesignated as Appendix
                                            indicate any opt-out choices available to                                                                     B]
                                            consumers beyond those required by Federal                 (b) Examples. The examples in this
                                            law must include those opt-outs on page                 part provide guidance concerning the                    5. Redesignate Appendix A to Part
                                            three of the model form. For example, if the            rule’s application in ordinary                        248 as Appendix B.
                                            financial institution discloses in the table            circumstances. The facts and                            6. Add new Appendix A to read as
                                            that it offers an opt-out for joint marketing,          circumstances of each individual                      follows:
                                            the institution must revise the opt-out form            situation, however, will determine
                                            on page three to reflect the availability of an                                                               Appendix A to Part 248—Form S–P
                                                                                                    whether compliance with an example,
                                            opt-out, such as by adding a check-off box              to the extent practicable, constitutes                  (1) Any person may obtain a copy of Form
rwilkins on PROD1PC63 with PROPOSALS




                                            with the words ‘‘Do not share my personal                                                                     S–P prescribed for use in this part by written
                                            information with other financial institutions
                                                                                                    compliance with this part.                            request to the Securities and Exchange
                                            to jointly market to me.’’ Likewise, if a
                                                                                                       (c) Substituted compliance with CFTC               Commission, 100 F Street, NE., Washington,
                                            financial institution chooses to offer its              financial privacy rules by futures                    DC 20549. Any person also may view this
                                            customers an opt-out for its marketing, it can          commission merchants and introducing                  form at: [Web site URL].
                                            provide for that option in the disclosure table         brokers. Except with respect to                         (2) Use of Form S–P by brokers, dealers,
                                            and on the opt-out form by adding a check-              § 248.30(b), any futures commission                   and investment companies, and investment



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00057   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14996                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            advisers registered with the Commission                   7. Form S–P (referenced in Appendix A of            Securities and Exchange Commission—Form
                                            constitutes compliance with the notice                  this part) is added to read as follows:               S–P
                                            content requirements of §§ 248.6 and 248.7 of             Note: The text of Form S–P does not, and
                                                                                                                                                          A. Model Privacy Form
                                            this part.                                              this amendment will not, appear in the Code
                                                                                                    of Federal Regulations.
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                                    EP29MR07.027</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00058   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                           14997
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                                                    EP29MR07.028</GPH>




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00059   Fmt 4701   Sfmt 4725   E:\FR\FM\29MRP2.SGM   29MRP2
                                            14998                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules




                                            B. General Instructions                                 2. The contents of the model privacy form                (c) Page Three. The third page consists of
                                                                                                       The model form consists of two or three            a financial institution’s opt-out form.
                                            1. How the Model Privacy Form is Used
                                                                                                    pages, depending on whether a financial               3. The Format of the Model Privacy Form
                                              The model form may be used, at the option
                                                                                                    institution shares in a manner that requires             The model form is a standardized form,
                                            of a financial institution, including a group
                                            of financial holding company affiliates that            it to provide a third page with opt-out               including page layout, page content, format,
                                            use a common privacy notice, to meet the                information.                                          style, pagination, and shading. No other
                                            content requirements of the privacy notice                 (a) Page One. The first page consists of the       information may be included in the model
                                            and opt-out notice set forth in sections 248.6          following components:                                 form, and the model form may be modified
                                                                                                       (1) The title.                                     only as described below.
                                            and 248.7 of this part.
                                                                                                       (2) The key frame (Why?, What?, How?).                (a) Easily readable type font. Financial
                                              (Note that disclosure of certain
                                                                                                       (3) The disclosure table (‘‘Reasons we can         institutions that use the model form must use
                                            information, such as assets, income, and                                                                      an easily readable type font. Easily readable
                                            information from a consumer reporting                   share your personal information’’).
                                                                                                                                                          type font includes a minimum of 10-point
                                            agency, may give rise to obligations under the             (4) Contact information.
rwilkins on PROD1PC63 with PROPOSALS




                                                                                                                                                          font and sufficient spacing between the lines
                                            Fair Credit Reporting Act [15 U.S.C. 1681—                 (b) Page Two. The second page consists of          of type.
                                            1681x] (FCRA), such as a requirement to                 the following components:                                (b) Logo. A financial institution may
                                            permit a consumer to opt out of disclosures                (1) The title.                                     include a corporate logo on any page of the
                                            to affiliates or designation as a consumer                 (2) The Frequently Asked Questions on              notice, so long as it does not interfere with
                                            reporting agency if disclosures are made to             sharing practices.                                    the readability of the model form or the space
                                                                                                                                                                                                           EP29MR07.029</GPH>




                                            nonaffiliated third parties.)                              (3) The definitions.                               constraints of each page.



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00060   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                                                   Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules                                                 14999

                                              (c) Page size and orientation. Each page of           the right column as described in paragraph            will answer ‘‘No’’ in the middle column and
                                            the model form must be printed on one side              C.2.(a) of this Instruction. This provision           ‘‘We don’t share’’ in the right column.
                                            of an 8.5 by 11 inch paper in portrait                  includes service providers contemplated by               (7) For nonaffiliates to market to you. This
                                            orientation.                                            section 248.13 of this part.                          provision applies to sharing under sections
                                              (d) Color. The model form may be printed                 (3) For joint marketing with other financial       248.7 and 248.10(a) of this part. Financial
                                            on white or light color paper (such as cream)           companies. As contemplated by section                 institutions that do not share for this reason
                                            with black or suitable contrasting color ink.           248.13 of this part, the financial institution        must answer ‘‘No’’ in the middle column and
                                            Spot color may be used to achieve visual                must answer ‘‘Yes’’ or ‘‘No’’ in the middle           ‘‘We don’t share’’ in the right column.
                                            interest, so long as the color contrast is              column. An institution that does not share            Financial institutions that do share for this
                                            distinctive and the color does not detract              for this reason must answer ‘‘We don’t share’’        reason must answer ‘‘Yes’’ in the middle
                                            from the readability of the model form.                 in the right column. An institution that              column and ‘‘Yes (check your choices, p. 3)’’
                                                                                                    shares for this reason may or may not elect           corresponding to the availability of an opt-
                                            C. Information Required in the Model
                                                                                                    to provide an opt-out and must provide the            out.
                                            Privacy Form
                                                                                                    corresponding answer in the right column as              (8) Additional opt-outs. A financial
                                              The model form is a standardized form,                described in paragraph C.2.(a) of this                institution may customize the model form to
                                            and institutions seeking to obtain the safe             Instruction.                                          offer opt-outs beyond those required under
                                            harbor through use of the model form may                   (4) For our affiliates’ everyday business          Federal law, so long as the additional
                                            modify the form only as described below:                purposes—information about transactions               information falls within the space constraints
                                            1. Name of the Institution or Group of                  and experiences. This provision applies to            of the model form. If the institution chooses
                                            Affiliated Institutions Providing the Notice            sharing of certain information with an                to offer its customers an opt-out for its own
                                                                                                    institution’s affiliates, as contemplated by          marketing or for joint marketing, for example,
                                               Include the name of the financial                    sections 603(d)(2)(A)(i) and (ii) of the FCRA.        it can provide for that option by stating: ‘‘Yes
                                            institution or group of affiliated institutions         The financial institution must answer ‘‘Yes’’         (Check your choices, p.3)’’ as to the
                                            providing the notice on the form wherever               or ‘‘No’’ in the middle column. An institution        availability of the opt-out.
                                            [name of financial institution] appears.                that does not share for this reason must
                                            Contact information, such as the institution’s          answer ‘‘We don’t share’’ in the right column.        3. Page Two
                                            toll-free telephone number, Web address, or             An institution that does not have any                    (a) General instructions for the Definitions.
                                            mailing address, or other contact                       affiliates will also use this answer.                    The financial institution must customize
                                            information, should be inserted as                      Institutions that share for this reason may or        the space below the last three definitions in
                                            appropriate, wherever [toll-free telephone] or          may not elect to provide an opt-out and must          this section (affiliates, nonafffiliates, and
                                            [web address] or [mailing address] appear.              provide the corresponding answer in the               joint marketing).
                                            2. Page One                                             right column as described in paragraph                   This specific information must be in
                                                                                                    C.2.(a) of this Instruction.                          italicized lettering to set off the information
                                               (a) General instructions for the disclosure
                                                                                                       (5) For our affiliates’ everyday business          from the standardized definitions.
                                            table. There are reasons for sharing or using
                                                                                                    purposes—information about                               (b) Affiliates. As required by section
                                            personal information listed in the left column
                                            of the disclosure table. Each of these reasons          creditworthiness. This provision applies to           248.6(a)(3) of this part, the financial
                                            correlates to certain legal provisions                  the sharing of certain information with an            institution must identify the categories of its
                                            described below. In the middle column, each             institution’s affiliates, as contemplated by          affiliates or state ‘‘[name of financial
                                            institution must provide a ‘‘Yes’’ or ‘‘No’’            section 603(d)(2)(A)(iii) of the FCRA. The            institution] has no affiliates’’ in italicized
                                            response in each box that accurately reflects           financial institution must answer ‘‘Yes’’ or          lettering where [affiliate information]
                                            its information sharing policies and practices          ‘‘No’’ in the middle column. An institution           appears. A financial institution that shares
                                            with respect to the reason listed on the left.          that does not share for this reason must              with affiliates must use, as applicable, the
                                            Each institution also must complete each box            answer ‘‘We don’t share’’ in the right column.        following format: ‘‘Our affiliates include
                                            in the right column as to whether a consumer            An institution that does not have any                 companies with a [name of financial
                                            can limit such sharing. If an institution               affiliates will also use this answer.                 institution] name; financial companies such
                                            answers ‘‘No’’ to sharing for a particular              Institutions that share for this reason must          as [list companies]; and nonfinancial
                                            reason in the middle column, it must answer             provide an opt-out and must provide the               companies, such as [list companies].’’
                                            ‘‘We don’t share’’ in the corresponding right           appropriate answer in the right column as                (c) Nonaffiliates. If the financial institution
                                            column. If an institution answers ‘‘Yes’’ to            described in paragraph C.2.(a) of this                shares with nonaffiliated third parties
                                            sharing for a particular reason in the middle           Instruction.                                          outside the exceptions in sections 248.14 and
                                            column, it must, in the right column, answer               (6) For our affiliates to market to you. This      248.15 of this part, the institution must
                                            either ‘‘No’’ if it does not offer an opt-out or        provision applies to information shared               identify the types of nonaffiliated third
                                            ‘‘Yes (Check your choices, p.3)’’ if it does            among affiliates that is used by those                parties with which it shares or state ‘‘[name
                                            offer an opt-out. Except for the sixth row              affiliates for marketing, as contemplated by          of financial institution] does not share with
                                            (‘‘For our affiliates to market to you’’), an           section 624 of the FCRA. Following the                nonaffiliates so they can market to you.’’ in
                                            institution must list all reasons for sharing,          effective date of the rules implementing              italicized lettering where [nonaffiliate
                                            and complete the middle and right columns               section 624, institutions that elect to               information] appears. A financial institution
                                            of the disclosure table.                                incorporate this provision into the notice            that shares with nonaffiliated third parties as
                                               (b) Specific disclosures and corresponding           required under this part must include this            described here must use, as applicable, the
                                            legal provisions.                                       reason for sharing as set forth in the model          following format: ‘‘Nonaffiliates we share
                                               (1) For our everyday business purposes.              form. Institutions whose affiliates receive           with can include [list categories of companies
                                            Because all financial institutions share                such information and use it for marketing             such as mortgage companies, insurance
                                            information for everyday business purposes,             must answer ‘‘Yes’’ in the middle column,             companies, direct marketing companies, and
                                            as contemplated by sections 248.14 and                  and ‘‘Yes (Check your choices, p.3)’’ in the          nonprofit organizations].’’
                                            248.15 of this part, the financial institution          right column corresponding to the                        (d) Joint Marketing. As required by section
                                            must answer ‘‘Yes’’ to the sharing of such              availability of an opt-out. Institutions whose        248.13 of this part, the financial institution
                                            information and ‘‘No’’ to the availability of           affiliates receive such information and do not        must identify the types of financial
                                            an opt-out.                                             use it for marketing may elect to include this        institutions with which it engages in joint
                                               (2) For our marketing purposes. The                  provision in the model form and answer                marketing or state ‘‘[name of financial
rwilkins on PROD1PC63 with PROPOSALS




                                            financial institution must answer ‘‘Yes’’ or            ‘‘No’’ in the middle column and ‘‘We don’t            institution] doesn’t jointly market.’’ in
                                            ‘‘No’’ in the middle column. An institution             share’’ in the right column; however,                 italicized lettering where [joint marketing]
                                            that does not share for this reason must                institutions whose affiliates receive such            appears. A financial institution that shares
                                            answer ‘‘We don’t share’’ in the right column.          information and do not use it for marketing           with joint marketing partners must use, as
                                            An institution that shares for this reason may          are not required to use this provision.               applicable, the following format: ‘‘Our joint
                                            or may not elect to provide an opt-out and              Institutions that do not have affiliates and          marketing partners include [list categories of
                                            must provide the corresponding answer in                elect to include this provision in their notice       companies such as credit card companies].’’



                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00061   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2
                                            15000                  Federal Register / Vol. 72, No. 60 / Thursday, March 29, 2007 / Proposed Rules

                                            4. Page Three                                              (c) Section 624 opt-out. If the financial          PUBLICATION DATE OF THE FINAL
                                               Opt-out form. Financial institutions must            institution’s affiliates use information for          RULE]. * * *
                                            use page three only if they: (1) Share or use           marketing pursuant to section 624 of the
                                                                                                    FCRA, and the institution elects to
                                                                                                                                                          *   *     *  *  *
                                            information in a manner that triggers an opt-
                                            out; or (2) choose to provide an opt-out (as            consolidate that opt-out notice in the model            Dated: March 9, 2007.
                                            disclosed in the table on page 1) in addition           form, it must include that disclosure and opt-        John C. Dugan,
                                            to what is required by law. The model opt-              out election as shown in the model form.              Comptroller of the Currency.
                                            out form must be provided on a separate page            Institutions that elect to limit the time for the
                                                                                                    affiliate marketing opt-out, consistent with            By order of the Board of Governors of the
                                            of the model form.
                                                                                                    the requirements of section 624, must adhere          Federal Reserve System, March 16, 2007.
                                               (a) Contact us. The section describes three
                                            common methods by which a consumer                      to the requirements of that section and the           Jennifer J. Johnson,
                                            exercises an opt-out—by telephone, on the               Agencies’ implementing rule with respect to           Secretary of the Board.
                                            Web, and by mail. Financial institutions may            any subsequent notice and opt-out.                      By order of the Board of Directors.
                                            customize this section to provide for the               Institutions that elect to limit the opt-out            Dated at Washington, DC, this 20th day of
                                            particular opt-out methods and options the              period must include a statement in italics, as        March, 2007.
                                            institution provides. For example, if an                shown on the model form, that states the
                                            institution offers opting out by telephone and          period of time for which the opt-out applies.         Federal Deposit Insurance Corporation.
                                            the Web but not by mail, it would provide                  (d) Additional opt-outs. A financial               Robert E. Feldman,
                                            only telephone and Web information as                   institution that uses the disclosure table to         Executive Secretary.
                                            shown in the model form in the ‘‘Contact Us’’           indicate any opt-out choices available to               Dated: March 19, 2007.
                                            box. Only institutions that allow more than             consumers beyond those required by Federal
                                            30 days after providing the notice before                                                                       By the Office of Thrift Supervision.
                                                                                                    law must include those opt-outs on page
                                            sharing information may change the number               three of the model form. For example, if the          John M. Reich,
                                            of days in the lower right hand section of the          financial institution discloses in the table          Director.
                                            box.
                                                                                                    that it offers an opt-out for joint marketing,          By the National Credit Union
                                               (b) Check your choices. Institutions must
                                                                                                    the institution must revise the opt-out form          Administration Board on March 15, 2007.
                                            display the applicable opt-out options in the
                                                                                                    on page three to reflect the availability of an       Mary Rupp,
                                            ‘‘Check your choices’’ box shown on this
                                            page. If an institution chooses not to offer an         opt-out, such as by adding a check-off box
                                                                                                                                                          Secretary of the Board.
                                            opt-out by mail, it must delete the boxes for           with the words ‘‘Do not share my personal
                                                                                                    information with other financial institutions           The Federal Trade Commission.
                                            name, address, account number, and mailing
                                            directions in the lower right-hand corner of            to jointly market to me.’’ Likewise, if a               Dated: March 20, 2007.
                                            the model form. Financial institutions that             financial institution chooses to offer its              By direction of the Commission.
                                            only offer one or two of the opt-out options            customers an opt-out for its marketing, it can        Donald S. Clark,
                                            listed on the model form must list only those           provide for that option in the disclosure table
                                                                                                    and on the opt-out form by adding a check-            Secretary.
                                            options from the model form that apply to
                                                                                                    off box with the words ‘‘Do not share [or use]          Dated: March 20, 2007.
                                            their practices and correspond accurately to
                                            the disclosures on page one. Thus, if an                my personal information to market to me.’’            Eileen A. Donovan,
                                            institution does not share in a manner that                                                                   Acting Secretary of the Commodity Futures
                                            requires an opt-out for sharing with                      8. Amend newly designated                           Trading Commission.
                                            nonaffiliates, it must not include that opt-out         Appendix B by adding a new sentence                     By the Securities and Exchange
                                            option on page three of the model form.                 immediately after the heading to read as              Commission.
                                            Institutions requiring information from                 follows:                                                Dated: March 20, 2007.
                                            consumers on the opt-out form other than an
                                            account number should modify that                       Appendix B to Part 248—Sample                         Florence E. Harmon,
                                            designation in the ‘‘Check your choices’’ box.          Clauses                                               Deputy Secretary.
                                            Institutions that require customers with                                                                      [FR Doc. 07–1476 Filed 3–28–07; 8:45 am]
                                            multiple accounts to identify each account to             This appendix provides guidance
                                                                                                                                                          BILLING CODE 4810–33–P, 6210–01–P, 6714–01–P,
                                            which the opt-out should apply should                   only for privacy notices provided on or               6720–01–P, 7535–01–P, 6750–01–P, 6351–01–P, 8010–01–
                                            modify that portion of the model form.                  before [ONE YEAR AFTER THE                            P
rwilkins on PROD1PC63 with PROPOSALS




                                       VerDate Aug<31>2005   19:04 Mar 28, 2007   Jkt 211001   PO 00000   Frm 00062   Fmt 4701   Sfmt 4702   E:\FR\FM\29MRP2.SGM   29MRP2