(1) This part applies only
to nonpublic personal information about individuals who obtain financial
products or services primarily for personal, family, or household
purposes from the institutions listed below. This part does not apply
to information about companies or about individuals who obtain financial
products or services for business, commercial, or agricultural purposes.
This part applies to those financial institutions and other persons
for which the Bureau of Consumer Financial Protection (Bureau) has
rulemaking authority pursuant to section 504(a)(1)(A) of the Gramm-Leach-Bliley
Act (GLB Act) (15 U.S.C. 6804(a)(1)(A)).
* Specifically, this
part applies to any financial institution and other covered person
or service provider that is subject to Subtitle A of Title V of the
GLB Act, including third parties that are not financial institutions
but that receive nonpublic personal information from financial institutions
with whom they
are not affiliated. This part does not apply to certain motor
vehicle dealers described in 12 U.S.C. 5519 or to entities for which
the Securities and Exchange Commission or the Commodity Futures Trading
Commission has rulemaking authority pursuant to sections 504(a)(1)(A)-(B)
of the GLB Act (15 U.S.C. 6804(a)(1)(A)-(B)). Except as otherwise
specifically provided herein, entities to which this part applies
are referred to in this part as “you.”
(2) (i) Nothing
in this part modifies, limits, or supersedes the standards governing
individually identifiable health information promulgated by the Secretary
of Health and Human Services under the authority of sections 262 and
264 of the Health Insurance Portability and Accountability Act of
1996 (42 U.S.C. 1320d-1320d-8).
(ii) Any institution of higher education
that complies with the Federal Educational Rights and Privacy Act
(FERPA), 20 U.S.C. 1232g, and its implementing regulations, 34 CFR
part 99, and that is also a financial institution described in section
1016.3(l)(3) of this part, shall be deemed to be in compliance
with this part if it is in compliance with FERPA.
(i) A financial institution that is
a person described in section 1029(a) of the Consumer Financial Protection
Act of 2010, Title X of the Dodd-Frank Wall Street Reform and Consumer
Protection Act (Dodd-Frank Act), Public Law 111-203, 124 Stat. 1376
(12 U.S.C. 5519(a));
(ii) A financial institution or other person subject to the jurisdiction
on the Commodity Futures Trading Commission under 7 U.S.C. 7b-2;
(iii) A broker or
dealer that is registered under the Securities Exchange Act of 1934
(15 U.S.C. 78a et seq.);
(iv) A registered investment adviser,
properly registered by or on behalf of either the Securities Exchange
Commission or any state, with respect to its investment advisory activities
and its activities incidental to those investment advisory activities;
(v) An investment
company that is registered under the Investment Company Act of 1940
(15 U.S.C. 80a-1 et seq.); or
(vi) An insurance company, with respect
to its insurance activities and its activities incidental to those
insurance activities, that is subject to supervision by a state insurance
regulator.
