Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 17 - Commodity and Securities Exchanges |
Chapter II - Securities and Exchange Commission |
Part 248 - Regulations S-P, S-Am, and S-ID |
Subpart A - Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information |
Privacy and Opt out Notices |
§ 248.8 - Revised privacy notices.
-
§ 248.8 Revised privacy notices.
(a) General rule. Except as otherwise authorized in this subpart, you must not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party other than as described in the initial notice that you provided to that consumer under § 248.4, unless:
(1) You have provided to the consumer a clear and conspicuous revised notice that accurately describes your policies and practices;
(2) You have provided to the consumer a new opt out notice;
(3) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and
(4) The consumer does not opt out.
(b) Examples.
(1) Except as otherwise permitted by §§ 248.13, 248.14, and 248.15, you must provide a revised notice before you:
(i) Disclose a new category of nonpublic personal information to any nonaffiliated third party;
(ii) Disclose nonpublic personal information to a new category of nonaffiliated third party; or
(iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure.
(2) A revised notice is not required if you disclose nonpublic personal information to a new nonaffiliated third party that you adequately described in your prior notice.
(c) Delivery. When you are required to deliver a revised privacy notice by this section, you must deliver it according to § 248.9.