2011-17711. Business Affiliate Marketing and Disposal of Consumer Information Rules  

  • Start Preamble

    AGENCY:

    Commodity Futures Trading Commission.

    ACTION:

    Final rule.

    SUMMARY:

    The Commodity Futures Trading Commission is adopting regulations to implement new statutory provisions enacted by title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act. These regulations apply to futures commission merchants, retail foreign exchange dealers, commodity trading advisors, commodity pool operators, introducing brokers, swap dealers and major swap participants. The Dodd-Frank Act provides the Commission with authority to implement regulations under sections 624 and 628 of the Fair Credit Reporting Act. The regulations implementing section 624 of the Fair Credit Reporting Act require CFTC-regulated entities to provide consumers with the opportunity to prohibit affiliates from using certain information to make marketing solicitations to consumers. The regulations implementing section 628 of the FCRA require CFTC-regulated entities that possess or maintain consumer report information in connection with their business activities to develop and implement written policies and procedures for the proper disposal of such information.

    DATES:

    Effective date: September 20, 2011.

    Compliance dates: Futures commission merchants, commodity pool operators, commodity trading advisors, introducing brokers, and retail foreign exchange dealers shall be in compliance with these rules not later than November 21, 2011. Swap dealers and major swap participants shall be in compliance with these rules not later than 60 days after the effective date of the final entities definition rulemaking, which the Commission will have published in the Federal Register at a future date.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Carl E. Kennedy, Counsel, (202) 418-6625, Commodity Futures Trading Commission, Office of the General Counsel, Three Lafayette Centre, 1155 21st Street, NW., Washington, DC 20581, facsimile number (202) 418-5524, e-mail: c_kennedy@cftc.gov.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Table of Contents

    I. Background

    II. Rule Amendments

    A. Affiliate Marketing Rules

    B. Disposal Rules

    II. Cost-Benefit Analysis

    III. Paperwork Reduction Act

    IV. Regulatory Flexibility Act

    V. Text of Final Rules

    I. Background

    On October 27, 2010, the Commodity Futures Trading Commission (“Commission” or “CFTC”) proposed in the Federal Register the addition of a new part 162 to its Regulations (the “Proposal”).[1] New part 162 was proposed to implement section 1088 of the Dodd-Frank Wall Street Reform and Consumer Protection Act [2] (“Dodd-Start Printed Page 43880Frank Act”), which sets out two amendments to the Fair Credit Reporting Act (“FCRA”) [3] and the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”).[4] As amended, the FCRA directs the Commission to promulgate regulations that are intended to provide privacy protections to certain consumer information held by any person that is subject to the enforcement jurisdiction of the Commission. One provision of section 1088 of the Dodd-Frank Act amends section 214(b) of the FACT Act—which added section 624 to the FCRA in 2003—and directs the Commission to implement the provisions of section 624 of the FCRA with respect to persons that are subject to the CFTC's enforcement jurisdiction. Section 624 of the FCRA gives consumers the right to prohibit certain CFTC-regulated entities [5] from using certain information obtained from an affiliate to make solicitations to that consumer (hereinafter referred in this preamble as the “affiliate marketing rules”). Specifically, 17 CFR 162.3 establishes the basic rules governing the requirement to provide the consumer with notice, a reasonable opportunity and a simple method to opt out of a company's use of eligibility information that it obtains from an affiliate for the purpose of making solicitations to the consumer. This section and the affiliate marketing rule requirements are discussed in more detail below.

    The other provision in section 1088 of the Dodd-Frank Act amends section 628 of the FCRA and mandates that the Commission implement regulations requiring persons subject to the CFTC's jurisdiction who possess or maintain consumer report information in connection with their business activities to properly dispose of that information (hereinafter referred to in this preamble as the “disposal rules”).

    Both sections 624 and 628 of the FCRA required various Federal agencies charged with regulating financial institutions in possession of consumer information to issue regulations in final form in consultation and coordination with each other. In particular, these sections required the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the Office of Thrift Supervision (“OTS”), the National Credit Union Administration (“NCUA”) (collectively, the “Banking Agencies”), the Securities and Exchange Commission (“SEC”) and the Federal Trade Commission (“FTC”) (the SEC, FTC and the Banking Agencies, are collectively, the “Agencies”) in consultation and coordination with one another, to issue rules implementing these sections of the FCRA. The Agencies already have adopted final affiliate marketing rules and disposal rules.[6] The Commission, after consulting with many of the Agencies, is acting now pursuant to the Dodd-Frank Act to finalize and implement the affiliate marketing rules and disposal rules.

    The 60-day public comment period on the Proposal expired on December 27, 2010.[7] In response to the Proposal, the Commission received a total of four comment letters.[8] Two of the four addressed the merits or substance of the Proposal.[9] Specifically, these comments addressed the following issues: (1) Consistency with the other Agencies' final regulations; (2) minor changes to the “consumer” definition; (3) correction of minor typographical errors; (4) the compliance date of the rules; and (5) consideration of additional burdens that Commission did not address in the Proposal's Paperwork Reduction Act and cost-benefit analyses.[10]

    II. Rule Amendments

    A. Affiliate Marketing Rules

    Section 624 of the FCRA generally provides that a consumer can block certain CFTC-regulated entities from soliciting the consumer [11] based on eligibility information [12] that such registrant received from an affiliate [13] that has or previously had a pre-existing business relationship [14] with that Start Printed Page 43881consumer. To implement section 624 of the FCRA, § 162.3(a) establishes three conditions that must be met before a covered affiliate [15] that does not have a pre-existing business relationship with a consumer may use eligibility information to make a solicitation [16] to that consumer.[17] First, the rule provides that a notice must be clearly and conspicuously [18] disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise [19] notice that the covered affiliate that does not have a pre-existing business relationship may use shared eligibility information to make solicitations to the consumer.[20] Second, the consumer must be provided a reasonable opportunity and a reasonable and simple method to opt out of the use of that eligibility information to make solicitations to the consumer.[21] Third, the consumer must not have opted out.

    As noted above, the Commission received specific comments regarding the definition of certain terms. In particular, the Securities Industry Financial Markets Association (“SIFMA”) suggested that the Commission amend the proposed definition of the term “affiliate” in order to make it conform to the Agencies' rules.[22] In the Proposal, the Commission defined “affiliate” as “any company that is under common ownership or common corporate control.” SIFMA suggested that the Commission change this definition by using the words “related by” rather than “under.” The Commission agrees that this change will further the goal of consistency with other Agencies' rules and has adopted this suggestion in its final rules.

    In addition, SIFMA and, in a joint letter, the International Swaps and Derivatives Association (“ISDA”) and the Financial Services Roundtable (“FSR”) encouraged the Commission to revise the “consumer” definition to indicate that individuals who provide identifiable information for non-consumer purposes are not “consumers.” [23] Specifically, these commenters contend that the proposed definition is over-inclusive and as a result would include individuals such as market makers, individual floor brokers, locals, and others whose individually identifiable information may be collected in furtherance of market-related transactions for non-consumer purposes. These commenters recommend that the Commission employ a definition similar to that in title V of the Gramm-Leach-Bliley Act.[24] The Commission agrees that including such individuals could possibly be overreaching the intent of the FCRA, and has added a qualifying statement to the consumer definition which excludes from that definition persons who are “market makers, floor brokers, locals, or individual persons whose information is not collected to determine eligibility for personal, family, or household purposes.”

    With respect to several of the examples that the Commission set out in the Proposal's preamble and rule text for the affiliate marketing rules, SIFMA noted that the Commission's usage of examples in the Proposal were inconsistent with the usage of examples by other Agencies in their final rules.[25] In particular, SIFMA pointed out that, unlike the other Agencies' rules, the Proposal does not contain examples of “solicitation,” and does contain examples of “eligibility information.” SIFMA suggested that, to “maximize [the final rules'] benefit and promote consistency,” the Commission revise the affiliate marketing rules to follow the Agencies' usage of examples in their final affiliate marketing rules. That is, when the Agencies have included examples in the text of the rules, the Commission should incorporate examples into its final rules, and vice versa. In addition, SIFMA asked the Commission to indicate that the examples are merely illustrative of acceptable practices and are not prescriptive. Lastly, SIFMA asked the Commission to make clear that examples and practices developed in connection with the analogues rules of the Agencies should be considered as potential guidance for the Commission's rule.

    Despite SIFMA's comments, the Commission does not believe that the inclusion or exclusion of examples warrants an interpretation of the Commission's final affiliate marketing rules that is different than the interpretation of the Agencies' final affiliate marketing rules. The Commission has chosen a slightly different approach than the Agencies in terms of its usage of examples. This approach should not be read to suggest that the Commission intended a different interpretation of its rules. Indeed, the Commission has included examples where it believes they will be illustrative, and does not believe that these examples should be read as prescriptive. Lastly, the Commission has decided not to include a statement to the effect that the examples in the Agencies' rules should be considered as guidance with respect to the Commission's rule. The Agencies' examples are directed at their registrants; the Commission's examples are directed at its registrants. Again, these differences should not be interpreted to suggest that the Commission's rule is different.

    SIFMA also pointed out two typographical errors which the Commission has corrected in the final Start Printed Page 43882rules.[26] These corrections were (1) changing the word “market” to “marketing” in § 162.3(a)(2); and (2) changing the word “includes” to “include” in § 162.2(k).

    B. Disposal Rules

    Section 1088 of the Dodd-Frank Act also amends section 628 of the FCRA, which directs the Commission to adopt comparable and consistent rules with the Agencies regarding the disposal of sensitive consumer information. The purpose of these rules is to reduce the risk of identity theft and other consumer harm from improper disposal of a consumer report or any record derived from one. The Commission's disposal rules [27] apply to certain Commission-regulated entities [28] that, for a business purpose, maintain or otherwise possess such consumer information.[29]

    The general disposal requirement in § 162.21(a), 17 CFR 162.21, provides that Commission-regulated entities adopt reasonable, written policies and procedures that address the administrative, technical, and physical safeguards for the protection of consumer information.

    A commenter suggested that the Commission remove language from the text of the Proposal, which requires disposal to take place “pursuant to a written disposal plan.” The commenter suggested that such language would be duplicative and possibly confusing because the Proposal already required “written policies and procedures” for disposal. The commenter suggested that the removal of this language would further the conformity of this rule with the other Agencies' rules. The Commission agrees and has removed the requirement that disposal take place “pursuant to a written disposal plan” from the final rule text.

    The standard for disposal is flexible to allow these entities to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and relevant changes in technology over time.

    C. Compliance Dates

    In the Proposal, the Commission proposed to adopt part 162 on July 21, which was intended to coincide with the proposed effective date of the Commission's amendments to part 160 of its regulations.[30] SIFMA requested that the Commission extend the effective date of the disposal and affiliate marketing rules from July 21, 2011 to nine months after the date of publication.[31] SIFMA argued that this would allow the covered entities enough time to come into compliance with the rules.

    The Commission partly agrees with SIFMA's comment with respect to the new entities (i.e., SDs and MSPs) that must comply with the final rules. The effective date of the final rules will be 60 days from the date of publication in the Federal Register. However, with respect to FCMs, IBs, CTAs, CPOs, and RFEDs, the Commission has decided to establish a compliance date of 120 days after the date of publication in the Federal Register. In making its decision, the Commission considered the amount of time that the other Agencies' final rules gave to affected entities in order to comply with their respective rules. These Agencies gave their affected entities 120 months to comply with the provision of their respective rules. In addition, the Commission considered the fact that many of its regulated entities are currently required to adhere to the FTC's disposal and affiliate marketing rules which are substantially identical.

    With respect to SDs and MSPs, the Commission has determined that these new entities shall have 60 days after the date of publication in the Federal Register of the final entities definitional rulemaking [32] to come into compliance with these rules. The Commission expects to approve and publish in the Federal Register the final entities definitional rulemaking at a date in the future.

    II. Cost-Benefit Considerations.

    Section 15(a) of the CEA explicitly requires the Commission to consider the costs and benefits of its actions before issuing a rule or order under the CEA. By its terms, section 15(a) neither requires the Commission to quantify the costs and benefits of amendments to regulations, nor does it require the Commission to determine whether the benefits of the amendments outweigh its costs. Section 15(a) specifies that the costs and benefits shall be evaluated in light of five broad areas of market and public concern: (1) Protection of market participants and the public; (2) efficiency, competitiveness and financial integrity of futures markets; (3) price discovery; (4) sound risk management practices; and (5) other public interest considerations. The Commission may in its discretion give greater weight to any one of the five enumerated areas and could in its discretion determine that, notwithstanding its costs, a particular amendment is necessary or appropriate to protect the public interest or to effectuate any of the provisions or accomplish any of the purposes of the CEA.

    Section 1088 of the Dodd-Frank Act provides the Commission with authority to implement rules under sections 624 and 628 of the FCRA. In its Proposal, the Commission prescribed rules implementing section 624 of the FCRA, which requires certain Commission-regulated entities to provide consumers with the opportunity to prohibit affiliates from using certain information to make marketing solicitations to consumers. The Commission also prescribed rules implementing section 628 of the FCRA, which requires certain Commission-regulated entities that possess or maintain consumer report information in connection with their business activities to develop and implement written policies and procedures for the proper disposal of such information. These proposed regulations would require CFTC registrants to do two things with respect to certain consumer information. The Commission proposed to (1) create a new part 162 of its regulations to include both the business affiliate rules Start Printed Page 43883and the disposal rules and (2) require that this new part apply to the following Commission-regulated entities: FCMs; IBs; CTAs; CPOs; RFEDs; SDs; and MSPs.

    The cost-benefit discussion in the Proposal analyzed the costs and benefits of imposing new part 162 on these entities, most of which currently comply with substantially identical regulations imposed by the Agencies. With respect to costs, the Commission's Proposal stated that the costs to aforementioned entities would be de minimis because: (1) The Commission is providing model notices in the proposed regulations in order to assist these participants in complying with the affiliate marketing rules; (2) the affiliate marketing rules only require periodic notice (i.e., at a maximum, companies would have to provide notice to a consumer once every five years; at a minimum, companies would have to provide notice only once per consumer); (3) market participants can file consolidated and equivalent notices in order to comply with the affiliate marketing rules; and (4) the disposal rules were designed to provide market participants with the greatest flexibility in the development and implementation of a disposal program (which may vary according to a company's size and the complexity of its operations, the costs and benefits of available disposal methods, and the sensitivity of information involved).

    The Commission's Proposal also set out the following potential costs to the general public: (1) Absent the implementation of the affiliate marketing rules, consumers would have no control over both the use of their personal information, and the number of solicitations such consumers would receive from affiliates of company with which they have a pre-existing business relationship; and (2) absent the implementation of the disposal rules, there would be an increased chance that consumer information would be accessible to third parties who may use such information for identity theft or other unlawful purposes. With respect to benefits, the Commission's Proposal stated that, through the implementation of the affiliate marketing rules, consumers generally will be able to opt out of receiving unsolicited and targeted materials from businesses with which the consumers have no pre-existing business relationship. In addition, the Commission's Proposal stated that, as a result of the implementation of the disposal rules, the potential for the misuse of consumer information will greatly decrease.

    In issuing final rules, the Commission has considered the costs and benefits referenced above in light of the comments received in response to its Proposal and the specific areas of concern identified in section 15(a). An analysis of the section 15(a) factors is set out immediately below, followed by a discussion of the comments received in response to the Commission's cost-benefit discussion in its Proposal.

    1. Protection of market participants and the public. The Commission believes that requiring certain Commission-regulated entities to provide opt-out notices and to protect customer information through disposal of such information will greatly benefit the general public by protecting the privacy of the public's personal information. Similarly, the Commission believes that requiring Commission-regulated entities to ensure the protection of nonpublic personal information will reduce the litigation risk that these entities face related to privacy causes of action. The Commission further believes that the costs, which will be placed on its regulated entities, will be equal to or no greater than those costs that the Agencies currently impose on most of these entities under the Agencies' similar regulations.[33]

    2. Efficiency and competition. The Commission believes that the requirements to provide opt-out notices will benefit efficiency by reducing the number of solicitations sent to customers. The Commission's final rules also will benefit efficiency and competition by providing Commission-regulated entities with flexibility in terms of how best to distribute opt-out notices and to adopt disposal policies and procedures to protect customer information. Ultimately, this flexibility will allow these entities to develop procedures that are best suited to each entity's business and needs. As noted above, the Commission believes that the costs, which will be placed on these entities will be equal to or no greater than those costs currently placed on them under the Agencies' similar regulations.

    3. Price discovery and financial integrity of futures and swaps markets, price discovery and sound risk management practices. The final rules should have no effect, from the standpoint of imposing costs or creating benefits, on the price discovery function or financial integrity of the futures and swaps markets or on the risk management practices of the Commission-regulated entities.

    4. Other public interest considerations. As noted above, part 162 will provide these entities with maximum flexibility in designing their own compliance systems in a manner consistent with the legal requirements under the affiliate marketing rules and disposal rules. Ultimately, the Commission believes that requiring its entities to comply with the final affiliate marketing rules and disposal rules will harmonize privacy protections for individual customers across all financial markets regardless of whether those entities are regulated by the Commission or the other Agencies.

    5. Response to Comments. In its Proposal, the Commission solicited comment on its consideration of these costs and benefits. The Commission received one comment with respect to the cost and benefits analysis in its Proposal. Specifically, SIFMA argued that the Commission also should consider anticipated additional costs associated with monitoring the privacy and opt-out notice process, addressing consumer issues, and adjusting records to comport with consumer requests. SIFMA did not provide specific cost information related to these additional activities. Notwithstanding SIFMA's assertion, the Commission notes that the additional activities and costs raised by SIFMA were subsumed within the considerations discussed in the Proposal.[34]

    In line with Section 15(a) of the CEA, the Commission believes that prescribing final rules is in the public interest and will further protect market the general public, promote efficiency and competition, and address other public interest considerations such as the harmonization of regulation across financial markets, regardless of which Federal regulator oversees a financial entity. In the Commission's view, these benefits far outweigh the additional costs that SIFMA cited.

    III. Paperwork Reduction Act

    Under the Paperwork Reduction Act of 1995 (“PRA”), 44 U.S.C. 3501 et seq., an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid control Start Printed Page 43884number. The Commission's final rule regarding the protection of consumer information under the Fair Credit Reporting Act results in information collection requirements within the meaning of the PRA. The Commission submitted the proposing release along with supporting documentation to the Office of Management and Budget (“OMB”) for review in accordance with 44 U.S.C. 3507(d) and 5 CFR 1320.11. The Commission requested that OMB approve and assign a new control number for the collection of information required by the proposing release.

    In response to the Commission's request in the proposing release for comments on any potential paperwork burden associated with both the proposed affiliate marketing and disposal rules, only SIFMA provided substantive comments addressing the merits of the Commission's proposed PRA calculations.[35] In particular, SIFMA proposed that the burden estimate for the affiliate marketing rules should be refined to account for burden hours associated with: (i) Monitoring the opt-out notice process; (ii) addressing consumer questions and concerns about opt-out notices; and (iii) adjusting records where a consumer changes his or her mind about his or her election to opt-in or out. In addition, SIFMA proposed that the burden estimate for the disposal rules should be refined to: (i) Revise disposal plans to account for use of new technology, new business processes, etc.; and (ii) conduct regular reviews of its disposal plan to determine when revisions are necessary or advisable.

    Based on these comments, the Commission estimates that 3,172 covered entities may incur an additional 3.5 burden hours when complying with the affiliate marketing rules, for an aggregate of 11,102 annual burden hours. These additional burden hours are attributable to monitoring the opt-out notice process, addressing consumer questions and concerns about opt-out notices, and adjusting customer records.

    In addition, the Commission estimates that 3,172 covered entities may incur an additional 2.4 burden hours when complying with the disposal rules, for an aggregate of 7,612.8 annual burden hours. These additional burden hours are attributable to revise and update disposal plans on an ongoing basis, and conduct regular reviews of its disposal plan as necessary or advisable. Accordingly, the Commission has submitted to the OMB an amended calculation of the annual burden hours for the final affiliate marketing and disposal rules.

    IV. Regulatory Flexibility Act

    The Regulatory Flexibility Act (“RFA”) [36] requires that Federal agencies consider whether the regulations they propose will have a significant economic impact on a substantial number of small entities and, if so, provide a regulatory flexibility analysis respecting the impact.[37] The Commission's final regulations will affect only FCMs, IBs, CTAs, CPOs, SDs, and MSPs.

    The regulations implementing section 624 of the FCRA require above-referenced CFTC-regulated entities to provide consumers with the opportunity to prohibit affiliates from using certain information to make marketing solicitations to consumers. The regulations implementing section 628 of the FCRA require the above-referenced CFTC-regulated entities that possess or maintain consumer report information in connection with their business activities to develop and implement a written program for the proper disposal of such information. The Commission certified in the Proposal that these rules will not have a significant economic impact on a substantial number of small entities. The Commission did not receive any substantive comments to its RFA analysis in relation to the Proposal. Moreover, the Commission previously determined that FCMs, CPOs, and IBs are not small entities for purposes of the RFA.[38] Therefore, nothing alters the Commission's determination in the Proposal that the obligations created by these rules will not create a significant economic impact on a substantial number of small entities.

    V. Text of Final Rules

    Start List of Subjects

    List of Subjects in 17 CFR Part 162

    • Brokers
    • Dealers
    • Consumer protection
    • Privacy
    • Reporting and recordkeeping
    End List of Subjects

    For the reasons stated in the preamble, the Commodity Futures Trading Commission adds 17 CFR part 162 to read as follows:

    Start Part

    PART 162—PROTECTION OF CONSUMER INFORMATION UNDER THE FAIR CREDIT REPORTING ACT

    162.1
    Purpose and scope.
    162.2
    Definitions.
    Subpart A—Business Affiliate Marketing Rules
    162.3
    Affiliate marketing opt out and exceptions.
    162.4
    Scope and duration of opt out.
    162.5
    Contents of opt-out notice; consolidated and equivalent notices.
    162.6
    Reasonable opportunity to opt out.
    162.7
    Reasonable and simple methods of opting out.
    162.8
    Acceptable delivery of opt-out notices
    162.9
    Renewal of opt out.
    162.10-162.20
    [Reserved.]
    Subpart B—Disposal Rules
    162.21
    Proper disposal of consumer information.

    Appendix A to Part 162—Sample Clauses

    Start Authority

    Authority: Sec. 1088, Pub. L. 111-203; 124 Stat. 1376 (2010).

    End Authority
    Purpose and scope.

    (a) Purpose. The purpose of this part is to implement various provisions in the Fair Credit Reporting Act, 15 U.S.C. 1681, et seq. (“FCRA”), which provide certain protections to consumer information.

    (b) Scope. This part applies to certain consumer information held by the entities listed below. This part shall apply to futures commission merchants, retail foreign exchange dealers, commodity trading advisors, commodity pool operators, introducing brokers, major swap participants and swap dealers, regardless of whether they are required to register with the Commission. This part does not apply to foreign futures commission merchants, foreign retail foreign exchange dealers, commodity trading advisors, commodity pool operators, introducing brokers, major swap participants and swap dealers unless such entity registers with the Commission. Nothing in this part modifies limits or supersedes the requirements set forth in part 160 of this title.

    (c) Examples. The examples in this part are not exclusive. Compliance with an example, to the extent applicable, constitutes compliance with this part. Examples in a section illustrate only the issue described in the section and do not illustrate any other issue that may arise in this part.

    Definitions.

    (a) Affiliate. The term “affiliate” for the purposes of this part means any person that is related by common ownership or common corporate control with a covered affiliate.

    (b) Clear and conspicuous. The term “clear and conspicuous” means reasonably understandable and designed to call attention to the nature and significance of the information presented in the notice.Start Printed Page 43885

    (c) Common ownership or common corporate control. The term “common ownership or common corporate control” for the purposes of this part means the power to exercise a controlling influence over the management or policies of a company whether through ownership of securities, by contract, or otherwise. Any person who owns beneficially, either directly or through one or more controlled companies, more than 25 percent of the voting securities of any company is presumed to control the company. Any person who does not own more than 25 percent of the voting securities of a company will be presumed not to control the company.

    (d) Company. The term “company” means any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization.

    (e) Concise.

    (1) In general. The term “concise” means a reasonably brief expression or statement.

    (2) Combination with other required disclosures. A notice required by this part may be concise even if it is combined with other disclosures required or authorized by Federal or state law.

    (f) Consumer. Except as otherwise provided, the term “consumer” means an individual person. The term consumer does not include market makers, floor brokers, locals, or individual persons whose information is not collected to determine eligibility for personal, family, or household purposes.

    (g) Consumer information. The term “consumer information” means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report (as defined in section 603(d)(2) of the FCRA). Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.

    (h) Covered affiliate. The term “covered affiliate” means a futures commission merchant, retail foreign exchange dealer, commodity trading advisor, commodity pool operator, introducing broker, major swap participant or swap dealer, which is subject to the jurisdiction of the Commission.

    (i) Dispose or Disposal.

    (1) In general. The terms “dispose” or “disposal” means:

    (i) The discarding or abandonment of consumer information; or

    (ii) The sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored.

    (2) Sale, donation, or transfer of consumer information. The sale, donation, or transfer of consumer information is not considered disposal for the purposes of subpart B.

    (j) Dodd-Frank Act. The term “Dodd-Frank Act” means the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203, 124 Stat. 1376 (2010)).

    (k) Eligibility information. The term “eligibility information” means any information that would be a consumer report if the exclusions from the definition of “consumer report” in section 603(d)(2)(A) of the FCRA did not apply. Examples of the type of information that would fall within the definition of eligibility information include an affiliate's own transaction or experience information, such as information about a consumer's account history with that affiliate, and other information, such as information from credit bureau reports or applications. Eligibility information does not include aggregate or blind data that does not contain personal identifiers such as account numbers, names, or addresses.

    (l) FCRA. The term “FCRA” means the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.).

    (m) Financial product or service. The term “financial product or service” means any product or service that a futures commission merchant, retail foreign exchange dealer, commodity trading advisor, commodity pool operator, introducing broker, major swap participant or swap dealer could offer that is subject to the Commission's jurisdiction.

    (n) GLB Act. The term “GLB Act” means the Gramm-Leach-Bliley Act (Pub. L. 106-102, 113 Stat. 1338 (1999)).

    (o) Major swap participant. The term “major swap participant” has the same meaning as in section 1a(33) of the Commodity Exchange Act, 7 U.S.C. 1 et seq., as may be further defined by this title, and includes any person registered as such thereunder.

    (p) Person. The term “person” means any individual, partnership, corporation, trust, estate, cooperative, association, or other entity.

    (q) Pre-existing business relationship. The term “pre-existing business relationship” means a relationship between a person, or a person's licensed agent, and a consumer based on—

    (1) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation by this part;

    (2) The purchase, rental, or lease by the consumer of a persons' services or a financial transaction (including holding an active account or policy in force or having another continuing relationship) between the consumer and the person, during the 18-month period immediately preceding the date on which the consumer is sent a solicitation covered by this part; or

    (3) An inquiry or application by the consumer regarding a financial product or service offered by that person during the three-month period immediately preceding the date on which the consumer is sent a solicitation covered by this part.

    (r) Solicitation—(1) In general. The term “solicitation” means the marketing of a financial product or service initiated by an affiliate to a particular consumer that is—

    (i) Based on eligibility information communicated to that covered affiliate by an affiliate that has or previously had the pre-existing business relationship with a consumer as described in this part; and

    (ii) Intended to encourage the consumer to purchase or obtain such financial product or service. A solicitation does not include marketing communications that are directed at the general public.

    (2) Examples. Examples of what communications constitute solicitations include communications such as a telemarketing solicitation, direct mail, or e-mail, when those communications are directed to a specific consumer based on eligibility information. A solicitation does not include communications that are directed at the general public without regard to eligibility information, even if those communications are intended to encourage consumers to purchase financial products and services from the affiliate initiating the communications.

    (s) Swap dealer. The term “swap dealer” has the same meaning as in section 1a(49) of the Commodity Exchange Act, 7 U.S.C. 1 et seq., as may be further defined by this title, and includes any person registered as such thereunder.

    Subpart A—Business Affiliate Marketing Rules

    Affiliate marketing opt out and exceptions.

    (a) Initial notice and opt out. A covered affiliate may not use eligibility information about a consumer that the covered affiliate receives from an affiliate with the consumer to make a Start Printed Page 43886solicitation for marketing purposes to such consumer unless—

    (1) It is clearly and conspicuously disclosed to the consumer in writing or if the consumer agrees, electronically, in a concise notice that the person may use shared eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to such consumer;

    (2) The consumer is provided a reasonable opportunity and a reasonable and simple method to opt out, or prohibit the covered affiliate from using eligibility information to make solicitations for marketing purposes to the consumer; and

    (3) The consumer has not opted out.

    (b) Persons responsible for satisfying the notice requirement. The notice required by this section must be provided:

    (1) By an affiliate that has or previously had a pre-existing business relationship with a consumer; or

    (2) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or previously had a pre-existing business relationship with the consumer.

    (c) Exceptions. These proposed regulations would not apply to the following covered affiliate:

    (1) A covered affiliate that has a pre-existing business relationship with a consumer;

    (2) Communications between an employer and employee-consumer (or his or her beneficiary) in connection with an employee benefit plan;

    (3) A covered affiliate that is currently providing services to the consumer;

    (4) If the consumer initiated the communication with the covered affiliate by oral, electronic, or written means;

    (5) If the consumer authorized or requested the covered affiliate's solicitation; or

    (6) If compliance by a person with these regulations would prevent that person's compliance with state insurance laws pertaining to unfair discrimination.

    (d) Making solicitations.

    (1) When a solicitation occurs. A covered affiliate makes a solicitation for marketing purposes if the person—

    (i) Receives eligibility information from an affiliate;

    (ii) Uses that eligibility information to do one or more of the following:

    (A) Identify the consumer or type of consumer to receive a solicitation;

    (B) Establish criteria used to select the consumer to receive a solicitation about the covered affiliate's financial products or services; or

    (C) Decide which of the services or contracts to market to the consumer or tailor the solicitation to that consumer; and

    (iii) As a result of the covered affiliate's use of the eligibility information, the consumer is provided a solicitation.

    (2) Receipt of eligibility information. A covered affiliate may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that the covered affiliate may access.

    (3) Service Providers. Except as provided in paragraph (d)(5) of this section, a covered affiliate receives or uses an affiliate's eligibility information if a service provider acting on the covered affiliate's behalf (regardless of whether such service provider is a third party or an affiliate of the covered affiliate) receives or uses that information in the manner described in paragraph (d)(1)(i) or (d)(1)(ii) of this section. All relevant facts and circumstances will determine whether a service provider is acting on behalf of a covered affiliate when it receives or uses an affiliate's eligibility information in connection with marketing the covered affiliate's financial products or services.

    (4) Use by an affiliate of its own eligibility information. Unless a covered affiliate uses eligibility information that the covered affiliate receives from an affiliate in the manner described in paragraph (d)(2) of this section, the covered affiliate does not make a solicitation subject to this subpart:

    (i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or previously had with the consumer to market the covered affiliate's financial products or services to the consumer; or

    (ii) Directs its service provider to use the affiliate's own eligibility information that it obtained in connection with a pre-existing business relationship it has or previously had with the consumer to market the covered affiliate's financial products or services to the consumer, and the covered affiliate does not communicate directly with the service provider regarding that use.

    (5) Use of eligibility information by a service provider. (i) In general. A covered affiliate does not make a solicitation subject to this subpart if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that the covered affiliate may access) receives eligibility information from an affiliate that has or previously had a pre-existing business relationship with the consumer and uses that eligibility information to market the covered affiliate's financial products or services to the consumer, so long as—

    (A) The affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market the covered affiliate's financial products or services);

    (B) The affiliate establishes specific terms and conditions under which the service provider may access and use such affiliate's eligibility information to market the covered affiliate's financial products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose financial products or services may be marketed to the consumer by the service provider, the types of financial products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service provider's compliance with those terms and conditions;

    (C) The affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses such affiliate's eligibility information in accordance with the terms and conditions established by such affiliate relating to the marketing of the covered affiliate's financial products or services;

    (D) The affiliate is identified on or with the marketing materials provided to the consumer; and

    (E) The covered affiliate does not directly use its affiliate's eligibility information in the manner described in paragraph (b)(1)(ii) of this section.

    (ii) Writing requirements. (A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between the affiliate that has or previously had a pre-existing business relationship with the consumer and the service provider; and

    (B) The specific terms and conditions established by the affiliate as provided in paragraph (b)(5)(i)(B) of this section must be set forth in writing.

    (e) Relation to affiliate-sharing notice and opt out. Nothing in this rulemaking will limit the responsibility of a covered affiliate to comply with the notice and opt-out provisions under other privacy rules under the FCRA, the GLB Act or the CEA.

    Scope and duration of opt out.

    (a) Scope of opt-out election-(1) In general. The consumer's election to opt out prohibits any covered affiliate subject to the scope of the opt-out notice Start Printed Page 43887from using eligibility information received from another affiliate to make solicitations to the consumer.

    (2) Continuing relationship-(i) In general. If the consumer establishes a continuing relationship with a covered affiliate or its affiliate, an opt-out notice may apply to eligibility information obtained in connection with—

    (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with a covered affiliate or its affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt out; or

    (B) Any other transaction between the consumer and the covered affiliate or its affiliates as described in the notice.

    (ii) Examples of a continuing relationship. A consumer has a continuing relationship with a covered affiliate or its affiliate if:

    (A) The covered affiliate is a futures commission merchant through whom a consumer has opened an account, or that carries the consumer's account on a fully-disclosed basis, or that effects or engages in commodity interest transactions with or for a consumer, even if the covered affiliate does not hold any assets of the consumer;

    (B) The covered affiliate is an introducing broker that solicits or accepts specific orders for trades;

    (C) The covered affiliate is a commodity trading advisor with whom a consumer has a contract or subscription, either written or oral, regardless of whether the advice is standardized, or is based on, or tailored to, the commodity interest or cash market positions or other circumstances or characteristics of the particular consumer;

    (D) The covered affiliate is a commodity pool operator, and accepts or receives from the consumer, funds, securities, or property for the purpose of purchasing an interest in a commodity pool;

    (E) The covered affiliate is a major swap participant that holds securities or other assets as collateral for a loan made to the consumer, even if the covered affiliate did not make the loan or do not affect any transactions on behalf of the consumer; or

    (F) The covered affiliate is a swap dealer that regularly effects or engages in swap transactions with or for a consumer even if the covered affiliate does not hold any assets of the consumer.

    (3) No continuing relationship. (i) In general. If there is no continuing relationship between a consumer and the covered affiliate or its affiliate, and the covered affiliate or its affiliate obtain eligibility information about a consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction.

    (ii) Examples of no continuing relationship. A consumer does not have a continuing relationship with a covered affiliate or its affiliate if:

    (A) The covered affiliate has acted solely as a “finder” for a futures commission merchant, and the covered affiliate does not solicit or accept specific orders for trades; or

    (B) The covered affiliate has solicited the consumer to participate in a pool or to direct his or her account and he or she has not provided the covered affiliate with funds to participate in a pool or entered into any agreement with the covered affiliate to direct his or her account.

    (4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice.

    (5) Special rule for a notice following termination of all continuing relationships. A consumer must be given a new opt-out notice if, after all continuing relationships with the covered affiliate or its affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with the covered affiliate or its affiliate(s) and the consumer's eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph b of this section, the consumer's decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship.

    (b) Duration of opt-out election. An opt-out election must be effective for a period of at least five years beginning when the consumer's opt-out election is received and implemented, unless the consumer subsequently revokes the opt-out election in writing or, if the consumer agrees, electronically. An opt-out election may be established for a period of more than five years or for an indefinite period unless revoked.

    (c) Time period in which a consumer can opt out. A consumer may opt out at any time.

    (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the opt-out period, even if the consumer does not renew the opt out.

    Contents of opt-out notice; consolidated and equivalent notices.

    (a) Contents of the opt-out notice. (1) In general. An opt-out notice must be in writing, be clear and conspicuous, as well as concise, and must accurately disclose the following:

    (i) (A) The name of the affiliate that has or previously had a pre-existing business relationship with a consumer, which is providing the notice; or

    (B) If jointly provided jointly by multiple affiliates and each affiliate shares a common name, then the notice may indicate that it is being provided by multiple companies with the same name or multiple companies in the same group or family of companies. If the affiliates providing the notice do not share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates;

    (ii) The list of affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer;

    (iii) A general description of the types of eligibility information that may be used to make solicitations to the consumer;

    (iv) A statement that the consumer may elect to limit the use of eligibility information to make solicitations to the consumer;

    (v) A statement that the consumer's election will apply for the specified period of time and, if applicable, that the consumer will be allowed to renew the election once that period expires;

    (vi) If the notice is provided to consumers who have previously elected to opt out, that such consumer does not Start Printed Page 43888need to act again until the consumer receives a renewal notice; and

    (vii) A reasonable and simple method for the consumer to opt out.

    (2) Specifying length of time period. If consumer is granted an opt-out period longer than a five-year duration, the opt-out notice must specify the length of the opt-out period.

    (3) No revised notice for extension of opt-out period. The duration of an opt-out period may be increased for a period longer than the period specified in the opt-out notice without having to provide a revised notice of the increase to the consumer.

    (b) Joint relationships. (1) If two or more consumers jointly obtain a financial product or service, a single opt-out notice may be provided to joint consumers.

    (2) Any of the joint consumers may exercise the right to opt out on behalf of each joint consumer.

    (3) The opt-out election notice must explain how an opt-out election by a joint consumer will be treated. That is, the notice should specify whether an opt-out election by a joint consumer will be treated as applying to all of the associated joint consumers, or as applying to each joint consumer separately.

    (4) If the opt-out election notice provides that each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumer must be permitted to exercise his or her separate rights to opt out in a single response.

    (5) A covered affiliate cannot require all joint consumers to opt out before implementing any opt-out election.

    (c) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this subpart, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer's opt-out rights.

    (d) Coordinated and consolidated consumer notices. A notice required by this subpart may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the covered affiliate providing the notice, including but not limited to notices in the FCRA or the GLB Act privacy notices.

    (e) Equivalent notices. A notice or disclosure that is equivalent to the notice required by this part in terms of content, and that is provided to a consumer together with a notice required by any other provision of law, satisfies the requirements of this section.

    (f) Model notices. Model notices are provided in Appendix A of this part. These notices were meant to facilitate compliance with this subpart; provided, however, that nothing herein shall be interpreted to require persons subject to this part to use the model notices.

    Reasonable opportunity to opt out.

    (a) In general. A covered affiliate must not use eligibility information about a consumer that the covered affiliate receives from an affiliate to make a solicitation to such consumer about the covered affiliate's financial products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by this subpart.

    (b) Examples. A reasonable opportunity to opt out under this subpart is:

    (1) If the opt-out notice is mailed to the consumer, the consumer has 30 days from the date the notice is mailed to opt out.

    (2) If the opt-out notice is sent via electronic means to the consumer, the consumer has 30 days from the date the consumer acknowledges receipt to elect to opt out by any reasonable method.

    (3) If the opt-out notice is sent via e-mail (where the consumer has agreed to receive disclosures by e-mail), the consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable method.

    (4) If the opt-out notice provided to the consumer at the time of an electronic transaction, the consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction.

    (5) If the opt-out notice is provided during an in-person transaction, the consumer is required to decide, as a necessary part of completing the transaction, whether to opt out through a simple process.

    (6) If the opt-out notice is provided in conjunction with other privacy notices required by law, the consumer is allowed to exercise the opt-out election within a reasonable period of time and in the same manner as the opt out under that privacy notice.

    Reasonable and simple methods of opting out.

    (a) In general. A covered affiliate shall be prohibited from using eligibility information about a consumer received from an affiliate to make a solicitation to the consumer about the covered affiliate's financial products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by this subpart.

    (b) Examples. Reasonable and simple methods of opting out include:

    (1) Designating a check-off box in a prominent position on an opt-out election form;

    (2) Including a reply form and a self-addressed envelope (in a mailing);

    (3) Providing an electronic means, if the consumer agrees, that can be electronically mailed or processed through an Internet Web site;

    (4) Providing a toll-free telephone number; or

    (5) Exercising an opt-out election through whatever means are acceptable under a consolidated privacy notice required under other laws.

    (c) Specific opt-out method. Each consumer may be required to opt out through a specific method, as long as that method is acceptable under this subpart.

    Acceptable delivery methods of opt-out notices.

    (a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice.

    (b) Electronic notices. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in § 1.4 of this title or the provisions in section 101 of the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001 et seq.

    Renewal of opt out.

    (a) Renewal notice and opt-out requirement. (1) In general. Since the FCRA provides that opt-out elections can expire in a period of no less than five years, an affiliate that has or previously had a pre-existing business relationship with a consumer must provide a renewal notice to the consumer after such time in order to allow its affiliates to make solicitations. After the opt-out election period expires, its affiliates may make solicitations unless:

    (i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 162.6 through 162.8 of this subpart, and a reasonable opportunity and a reasonable and simple method to renew the opt-out election, and the consumer does not renew the opt out; or

    (ii) An exception in Sec. 162.3(c) of this subpart applies.

    (2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 162.4(b) of this subpart.Start Printed Page 43889

    (3) Affiliates who may provide the renewal notice. The notice required by this paragraph must be provided:

    (i) By the affiliate that provided the previous opt-out notice, or its successor; or

    (ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt-out notice.

    (b) Contents of renewal or extension notice. The contents of the renewal notice must include all of the same contents of the initial notices, but also must include:

    (1) A statement that the consumer previously elected to limit the use of certain information to make solicitations to the consumer;

    (2) A statement that the consumer may elect to renew the consumer's previous election; and

    (3) If applicable, a statement that the consumer's election to renew will apply for a specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires.

    (c) Timing of renewal notice. Renewal notices must be provided in a reasonable period of time before the expiration of the opt-out election period or any time after the expiration of the opt-out period, but before solicitations that would have been prohibited by the expired opt-out election are made to the consumer.

    (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before the expiration of the opt-out period, even if the consumer does not renew the opt-out election.

    Subpart B—Disposal Rules

    Proper disposal of consumer information.

    (a) In general. Any covered affiliate must adopt must adopt reasonable, written policies and procedures that address administrative, technical, and physical safeguards for the protection of consumer information. These written policies and procedures must be reasonably designed to:

    (1) Insure the security and confidentiality of consumer information;

    (2) Protect against any anticipated threats or hazards to the security or integrity of consumer information; and

    (3) Protect against unauthorized access to or use of consumer information that could result in substantial harm or inconvenience to any consumer.

    (b) Standard. Any covered affiliate under this part who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.

    (c) Examples. The following examples are “reasonable” disposal measures for the purposes of this subpart—

    (1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed;

    (2) Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practically be read or reconstructed; and

    (3) After due diligence, entering into and monitoring compliance with a written contract with another party engaged in the business of record destruction to dispose of consumer information in a manner that is consistent with this rule.

    (d) Relation to other laws. Nothing in this section shall be construed:

    (1) To require a person to maintain or destroy any record pertaining to a consumer that is imposed under Sec. 1.31 or any other provision of law; or

    (2) To alter or affect any requirement imposed under any other provision of law to maintain or destroy such a record.

    Appendix A to Part 162—Sample Clauses

    A. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the FCRA for clear, conspicuous, and concise notices.

    B. Certain changes may be made to the language or format of the model forms without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example:

    1. Rearranging the order of the references to “your income”, “your account history”, and “your credit score”.

    2. Substituting other types of information for “income”, “account history”, or “credit score” for accuracy, such as “payment history”, “credit history”, or “claims history”.

    3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as “the [ABC] group of companies,” including without limitation a statement that the entity providing the notice recently purchased the consumer's account.

    4. Substituting other types of affiliates covered by the notice for “commodity advisor”, “futures clearing merchant”, or “swap dealer” affiliates.

    5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice.

    6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them.

    7. Adding a statement that the consumer may exercise the right to opt out at any time.

    8. Adding the following statement, if accurate: “If you previously opted out, you do not need to do so again.”

    9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address.

    • A-1 Model Form for Initial Opt-out notice (Single-Affiliate Notice)
    • A-2 Model Form for Initial Opt-out notice (Joint Notice)
    • A-3 Model Form for Renewal Notice (Single-Affiliate Notice)
    • A-4 Model Form for Renewal Notice (Joint Notice)
    • A-5 Model Form for Voluntary “No Marketing” Notice

    A-1 Model Form for Initial Opt-Out Notice (Single-Affiliate Notice)

    [Your Choice To Limit Marketing]/[Marketing Opt Out]

    —[Name of Affiliate] is providing this notice.

    —[Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.]

    —You may limit our affiliates in the [ABC] group of companies, such as our [commodity advisor, futures clearing merchant, and swap dealer] affiliates, from marketing their financial products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score].

    —Your choice to limit marketing offers from our affiliates will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years].

    —[Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice.

    Start Printed Page 43890

    To limit marketing offers, contact us [include all that apply]:

    —By telephone: 1-877-###-####

    —On the Web: www.-.com

    —By mail: check the box and complete the form below, and send the form to:

    —[Company name]

    —[Company address]

    __Do not allow your affiliates to use my personal information to market to me.

    A-2 Model Form for Initial Opt-Out Notice (Joint Notice)

    [Your Choice to Limit Marketing]/[Marketing Opt Out]

    —The [ABC group of companies] is providing this notice.

    —[Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.]

    —You may limit the [ABC companies], such as the [ABC commodity advisor, futures clearing merchant, and swap dealer] affiliates, from marketing their financial products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score].

    —Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years].

    −[Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice.

    To limit marketing offers, contact us

    [include all that apply]:

    By telephone: 1-877-###-####

    On the Web: www.-.com

    By mail: check the box and complete the form below, and send the form to:

    [Company name]

    [Company address]

    __ Do not allow any company [in the ABC group of companies] to use my personal information to market to me.

    A-3 Model Form for Renewal Notice (Single-Affiliate Notice)

    [Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt Out]

    −[Name of Affiliate] is providing this notice.

    −[Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.]

    −You previously chose to limit our affiliates in the [ABC] group of companies, such as our [commodity advisor, futures clearing merchant, and swap dealer] affiliates, from marketing their financial products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score].

    −Your choice has expired or is about to expire.

    To renew your choice to limit marketing for [x] more years, contact us [include all that apply]:

    By telephone: 1-877-###-####

    On the Web: www.-.com

    By mail: check the box and complete the form below, and send the form to:

    [Company name]

    [Company address]

    __Renew my choice to limit marketing for [x] more years.

    A-4 Model Form for Renewal Notice (Joint Notice)

    [Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt Out]

    −The [ABC group of companies] is providing this notice.

    −[Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.]

    −You previously chose to limit the [ABC companies], such as the [ABC commodity advisor, futures clearing merchant, and swap dealer] affiliates, from marketing their financial products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score].

    −Your choice has expired or is about to expire.

    To renew your choice to limit marketing for [x] more years, contact us [include all that apply]:

    By telephone: 1-877-###-####

    On the Web: www.-.com

    By mail: check the box and complete the form below, and send the form to:

    [Company name]

    [Company address]

    __ Renew my choice to limit marketing for [x] more years.

    A-5 Model Form for Voluntary “No Marketing” Notice

    [Your Choice To Stop Marketing]

    −[Name of Affiliate] is providing this notice.

    You may choose to stop all marketing from us and our affiliates.

    To stop all marketing offers, contact us [include all that apply]:

    By telephone: 1-877-###-####

    On the Web: www.-.com

    By mail: check the box and complete the form below, and send the form to:

    [Company name]

    [Company address]

    __ Do not market to me.

    End Part Start Signature

    Issued in Washington, DC, on July 7, 2011 by the Commission.

    David A. Stawick,

    Secretary of the Commission.

    End Signature

    Appendices to Business Affiliate Marketing and Disposal of Consumer Information Rules—Commission Voting Summary and Statements of Commissioners

    Note:

    The following appendices will not appear in the Code of Federal Regulations.

    Appendix 1—Commission Voting Summary

    On this matter, Chairman Gensler and Commissioners Dunn, Sommers, O'Malia and Chilton voted in the affirmative; no Commissioner voted in the negative.

    Appendix 2—Statement of Chairman Gary Gensler

    I support the final rulemaking to extend to customers of CFTC-regulated entities protections preventing certain business affiliated marketing and establishing other consumer information protections under the Fair Credit Reporting Act (FCRA). The rulemaking protects consumers by providing privacy protections to nonpublic consumer information held by entities that are subject to the jurisdiction of the Commission. The final rulemaking provides customers of CFTC-regulated entities with the same privacy protections now enjoyed by the customers of entities regulated by other Federal agencies.

    The rulemaking has two important features. First, it allows customers to prohibit Commission-regulated entities from using certain consumer information obtained from an affiliate to make solicitations to that customer for marketing purposes. This will be done by means of a customer opt out. Second, it requires Commission-regulated entities to develop and implement a written program and procedures for the proper disposal of consumer information. The rulemaking will help prevent the unauthorized use and disclosure of nonpublic, consumer information.

    End Supplemental Information

    Footnotes

    1.  See 75 FR 66018, Oct. 27, 2010.

    Back to Citation

    2.  See the Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376 (2010). The text of the Dodd-Frank Act may be accessed at http://www.cftc.gov./​LawRegulation/​OTCDERIVATIVES/​index.htm.

    Back to Citation

    3.  See 15 U.S.C. 1681-1681x. The FCRA, enacted in 1970, sets standards for the collection, communication, and use of information bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living that is collected and communicated by consumer reporting agencies.

    Back to Citation

    4.  See Public Law 108-159, Section 214, 117 Stat. 1952, 1980 (2003). The FACT Act was signed into law on December 4, 2003. The FACT Act amended the FCRA to enhance the ability of consumers to combat identity theft, to increase the accuracy of consumer reports, to allow consumers to exercise greater control regarding the type and amount of solicitations they receive, and to restrict the use and disclosure of sensitive medical information. A portion of section 214 of the FACT Act amended the FCRA to add section 624 to the FCRA.

    Back to Citation

    5.  The CFTC-regulated entities that were covered in the Proposal included futures commission merchants (“FCMs”), retail foreign exchange dealers (“RFEDs”), commodity trading advisors (“CTAs”), commodity pool operators (“CPOs”), introducing brokers (“IBs”), swap dealers (“SDs”), or major swap participants (“MSPs”). Title VII of the Dodd-Frank Act created two new entities, which are subject to the jurisdiction of the Commission: SDs and MSPs. Section 162.2(n) of the Commission's regulations, 17 CFR 162.2(n), defines the term “major swap participant” to have the same meaning as in section 1a(33) of the Commodity Exchange Act, 7 U.S.C. 1 et seq. (“CEA”), as may be further defined by the Commission's regulations, and includes any person registered as such thereunder. Section 162.2(r) of the Commission's regulations, 17 CFR 162.2(r), defines the term “swap dealer” to have the same meaning as in section 1a(49) of the CEA, as may be further defined by the Commission's regulations, and includes any person registered as such thereunder.

    Back to Citation

    6.  For the disposal rules adopted by the various Federal agencies, see 69 FR 68690 (Nov. 24, 2004) (FTC); 69 FR 77610, Dec. 28, 2004 (Banking Agencies); 73 FR 13692, Mar. 13, 2008 (SEC). For the affiliate marketing rules adopted by the various Federal agencies, see 72 FR 61424, Oct. 31, 2007 (FTC); 72 FR 62910, Nov. 7, 2007 (Banking Agencies); 74 FR 58204, Sept. 10, 2009 (SEC).

    Back to Citation

    7.  See 75 FR at 66019.

    Back to Citation

    8.  Copies of these comment letters are available on the Commission's Web site at http://www.cftc.gov.

    Back to Citation

    9.  The Securities Industry and Financial Markets Association (“SIFMA”) submitted a comment letter dated December 20, 2010 (the “SIFMA letter”). The International Swaps and Derivatives Association (“ISDA”) and the Financial Services Roundtable (“FSR”) jointly submitted a comment letter dated December 27, 2010 (the “ISDA/FSR letter”). As noted above, both letters are available on the Commission's Web site.

    Back to Citation

    10.  The Commission also has made a few technical revisions to its final rules to add clarity. For example, in § 162.4(a)(2)(ii), the Commission revised two of the examples of what constitutes a continuing relationship with a covered affiliate. Specifically, the Commission revised these examples to demonstrate instances where an SD or MSP may have such a relationship, and where a swap transaction may evidence such a relationship.

    Back to Citation

    11.  Proposed § 162.2(f) defined the term “consumer” to mean an individual person. This definition follows the statutory definition in section 603(c) of the FCRA. As was noted in the preamble to the Proposal, an individual acting through a legal representative qualifies as a consumer. The Commission is amending the definition in the final rule as described herein to address comments received in response to the Proposal.

    Back to Citation

    12.  See 17 CFR 162.2(k), which defines the term “eligibility information” to mean any information that would be a consumer report if the exclusions from the definition of “consumer report” in section 603(d)(2)(A) of the FCRA did not apply. Examples of the type of information that would fall within the definition of “eligibility information” includes an affiliate's own transaction or experience information, such as information about a consumer's account history with that person, and other information, such as information from credit bureau reports or applications. The term “eligibility information” does not include aggregate or blind data that does not contain personal identifiers. Examples of personal identifiers include account numbers, names, or addresses, as well as Social Security numbers, driver's license numbers, telephone numbers, or other types of information that, depending on the circumstances or when used in combination, could identify the consumer.

    Back to Citation

    13.  See 17 CFR 162.2(a), which defines “affiliates” to mean “any person that is related by common ownership or common corporate control with a covered affiliate.”

    Back to Citation

    14.  See 17 CFR 162.2(q), which defines the term “pre-existing business relationship” to mean a relationship between a person (or a person's licensed agent) and a consumer based on the following: (1) A financial contract between the person and the consumer that is in force on the date on which the consumer is sent a solicitation by this subpart; (2) the purchase, rental, or lease by the consumer of a person's financial products or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18-month period immediately preceding the date on which a solicitation covered by this subpart is sent to the consumer; or (3) an inquiry or application by the consumer regarding a financial product or service offered by that person during the three-month period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart.

    Back to Citation

    15.  See 17 CFR 162.2(h), which defines the term “covered affiliate” to mean an FCM, RFED, CTA, CPO, IB, SD, or MSP, which is subject to the jurisdiction of the Commission.

    Back to Citation

    16.  See 17 CFR 162.2(r), which defines the term “solicitation” to mean the marketing of a financial product or service initiated by a covered affiliate to a particular consumer that is based on eligibility information communicated to the covered affiliate by its affiliate and is intended to encourage the consumer to purchase the covered affiliate's financial product or service. A communication, such as a telemarketing solicitation, direct mail, or e-mail, is a solicitation if it is directed to a specific consumer based on eligibility information. The definition of solicitation does not, however, include communications that are directed at the general public without regard to eligibility information, even if those communications are intended to encourage consumers to purchase financial products and services from the person initiating the communications.

    Back to Citation

    17.  Section 162.3(d) of the Commission's regulations sets forth when a covered affiliate makes a solicitation to a consumer.

    Back to Citation

    18.  See 17 CFR 162.2(b), which defines the term “clear and conspicuous” to mean reasonably understandable and designed to call attention to the nature and significance of the information presented in the notice.

    Back to Citation

    19.  See 17 CFR 162.2(h), which defines the term “concise” to mean a reasonably brief expression or statement.

    Back to Citation

    20.  Section 162.3(b) of the Commission's regulations, 17 CFR 162.3(b), identifies the parties who are responsible to provide the notice as either: (1) The affiliate with a pre-existing business relationship to report the initial opt-out notice directly to the consumer; or (2) one or more of affiliates to provide a joint notice to the consumer, provided that at least one of the affiliates has or previously had the pre-existing business relationship with the consumer.

    Section 162.4(b) provides that an opt-out election must be effective for a period of at least five years beginning when the consumer's opt-out election is received and implemented, unless the consumer subsequently revokes the opt-out election in writing or, if the consumer agrees, electronically.

    Back to Citation

    21.  Section 162.6(a) of the Commission's regulations, 17 CFR 162.6(a), sets forth the general rule prohibiting covered affiliates from using eligibility information about a consumer unless the consumer is provided a reasonable opportunity to opt out, as required by the proposed regulation. Section 162.7(b) sets forth reasonable and simple methods of opting out.

    Back to Citation

    22.  See the SIFMA letter at 3.

    Back to Citation

    23.  See the SIFMA letter at 4 and the ISDA/FSR letter at 2.

    Back to Citation

    25.  See the SIFMA letter at 5.

    Back to Citation

    26.  See the SIFMA letter at 4-5.

    Back to Citation

    27.  See 17 CFR 162.2(i), which defines the terms “dispose” or “disposal” to mean the discarding or abandonment of consumer information or the sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored. The Proposal noted that the sale, donation, or transfer, as opposed to the discarding or abandonment, of consumer information would not be considered “disposal” under this definition. For example, an entity subject to the disposal rule that transfers consumer report information to a third party for marketing purposes would not be discarding the information for the purposes of the disposal rule. If the entity sells computer equipment on which consumer report information is stored, however, the sale would be considered disposal. This definition is wholly consistent with the definition of “dispose” or “disposal” in the Agencies' final disposal rules. For those reasons, the Commission adopts this definition as proposed.

    Back to Citation

    28.  Like the affiliate marketing rules, the types of Commission-regulated entities that are subject to the disposal rules are FCMs, RFEDs, CTAs, CPOs, IBs, SDs, and MSPs.

    Back to Citation

    29.  See 17 CFR 162.2(g), which defines the term “consumer information” to mean any record about an individual, whether in paper, electronic, or other form that is a consumer report or is derived from a consumer report (as defined section 603(d)(1) of the FCRA). Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.

    Back to Citation

    30.  See 75 FR 66014, Oct. 27, 2010. The effective date of the part 160 conforming amendments rulemaking was intended to follow the designated transfer date when various Federal agencies transfer their consumer protection authority to the Consumer Financial Protection Bureau pursuant to section 1100H of the Dodd-Frank Act.

    Back to Citation

    31.  See the SIFMA letter at 6.

    Back to Citation

    32.  See the Commission's proposed entities definitional rulemaking at 75 FR 80174, Dec. 21, 2010.

    Back to Citation

    33.  The Commission acknowledges that there will likely be an incremental cost in the aggregate in respect of those entities who do not currently comply with the Agencies' similar regulations. The Commission believes that this incremental cost, however, is outweighed by the benefits that will accrue to the general public in terms of the privacy protections that will be afforded to their personal information.

    Back to Citation

    34.  See the Commission's cost-benefit discussion and Paperwork Reduction Act analysis at 75 FR at 66030-31.

    Back to Citation

    35.  See the SIFMA letter at 4-5.

    Back to Citation

    38.  Previous determinations for FCMs at 47 FR 18618, 18619, Apr. 30, 1982; CPOs at 47 FR 18618, 18619, Apr. 30, 1982; and IBs at 48 FR 14933, 14955, Apr. 6, 1983.

    Back to Citation

    [FR Doc. 2011-17711 Filed 7-21-11; 8:45 am]

    BILLING CODE 6351-01-P

Document Information

Comments Received:
0 Comments
Published:
07/22/2011
Department:
Commodity Futures Trading Commission
Entry Type:
Rule
Action:
Final rule.
Document Number:
2011-17711
Pages:
43879-43890 (12 pages)
RINs:
3038-AD12: Disposal and Affiliate Sharing of Consumer, Nonpublic Information Under Fair and Accurate Credit Transactions Act of 2003 and Fair Credit Reporting Act
RIN Links:
https://www.federalregister.gov/regulations/3038-AD12/disposal-and-affiliate-sharing-of-consumer-nonpublic-information-under-fair-and-accurate-credit-tran
Topics:
Brokers, Consumer protection, Privacy, Reporting and recordkeeping requirements
PDF File:
2011-17711.pdf
CFR: (11)
17 CFR 162.1
17 CFR 162.2
17 CFR 162.3
17 CFR 162.4
17 CFR 162.5
More ...