§ 275.8 - Procedures for obtaining customer's consent.  

(a) A DoD law enforcement office or personnel security element seeking access to a person's financial records shall, when feasible, obtain the customer's consent.

(b) Any consent obtained under § 275.8(a) shall:

(1) Be in writing, signed, and dated.

(2) Identify the particular financial records that are being disclosed.

(3) State that the customer may revoke the consent at any time before disclosure.

(4) Specify the purpose for disclosure and to which agency the records may be disclosed.

(5) Authorize the disclosure for a period not in excess of 3 months.

(6) Contain a Privacy Act advisory statement required by part 286a of this title for a personnel security investigation.

(7) Contain a “Statement of Customer Rights Under the Right to Financial Privacy Act of 1978” (enclosure 2).

(c) Any customer's consent not containing all of the elements listed in § 275.8(b), shall be void. A customer consent form, in a format set forth in enclosure 2, shall be used for this purpose.

(d) A copy of the customer's consent shall be made a part of the law enforcement inquiry or personnel security investigation file.

(e) A certification of compliance with 12 U.S.C. 3401 et seq., in writing (enclosure 4), along with the customer's consent, shall be provided to the financial institution as a prerequisite to obtaining access to financial rec-ords.

(f) The annual reporting requirements of § 275.14 shall apply to any request for access under § 275.8(a).