"SolveTheProblem" Project
Has Congress Forgotten Your Right to Privacy? - Is the "Financial Modernization Act" fair to consumers? Why did Congress forget to include you in the process? Shouldn't you decide who should have your personal information? Did Congress respect your rights when it "appropriated" your personal information without your permission and wrote into law that every bank, insurance company, credit card company and credit agency should have it and be able to give it thousands of unidentifed private companies, all without your permission?
A Call To Action - The Senate is the branch of Congress that is equally represented among the states. Therefore, over the next several months, we will be asking every Senator for their commitment to change the status quo. To afford an equal and fair opportunity to respond, a compendium of the responses up to 600 words will be published here.
 
Date: [to be determined]
Senators of the Unitied States of America, Washington, DC
Dear Honorable Senators:
The SolveTheProblem Project is a constructive effort to solve a compelling problem of national interest. This letter requests your commitment to remedy an error made in 1999 that has harmed 75 million Americans in 2007. Your thoughtful response and your commitment to SolveTheProblem would be appreciated.
The focus of the project is the "Financial Modernization Act of 1999" Privacy section {RE: Gramm-Leach-Bliley Act (GBLA), Title V, Subtitle A, Financial Privacy 15 U.S.C. § 6801-6809} which requires notice to consumers about disclosures of their personal information to third parties. While the GLBA provides an opportunity to "opt-out" of some disclosures [only nonaffiliated third parties], there is no way for citizens to "opt-out" of disclosures to tens of thousands of unidentified third party contractors, subsidiaries and affiliates.
The problem is that some of these tens of thousands of unidentified third parties make disclosure mistakes every day. This is the fuel of the identity theft engine. The financial service industry told Congress that citizens` privacy would be ensured and this would not happen. But it did and still does every day. More than a hundred million citizens have collectively suffered tens of billions of dollars in damages since 1999.
The "opt-in" default is a "best practice" identity theft deterrent and the personal choice of nearly every American. Bank of America testified under oath that this was true. Most will not "opt-in" to ensure their privacy and protect their personal information from misuse. Then why did Congress do the opposite, and seize the personal information of every citizen and give it to tens of thousands of unidentified third party private companies with extremely limited opportunities to "opt-out"? Read the congressional record. It is replete with testimony from a virtual army of well-funded financial service industry lobbyists and industry officials who were there to ensure their multi-billion dollar profit stream generated by selling the personal information of millions of American without their permission. In 1999, the lobbyists won. Citizens have felt the pain ever since.
What is the rule of law? According to Article IV of the Amendments to the Constitution, citizens have the first position of authority regarding ownership of their personal property: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." Is it "reasonable" for the government to seize a citizen`s personal information without their permission or a court warrant and give it to thousands of unidentified third parties?
Are citizens frustrated by the "opt-Out" process where there is: (1) no standard procedure; and (2) no central registry to affect "opt-out"; and (3) no requirement to send a written confirmation; and (4) a requirement to disclose non-public personal information that may not already have been disclosed? Absolutely! That is why fewer than 2% "opt-out" to the delight of identity thieves and the financial services industry.
This request will be sent to every Congressman and Senator. A compendium of responses (up to 600 words) will be published at http://solvetheproblem.info. If no response is received in thirty (30) days, the default response will be: "[name] supports the law permitting the disclosure of the personal information of every American without their the permission to thousands of unidentified third parties."
In closing and on behalf of the SolveTheProblem Project, I would appreciate your thoughtful response and your decision to help SolveTheProblem. Thank you in advance for participating in the project.
SolveTheProblem Project Director
Post Office Box 42
Francestown, NH 03043
 
Suggested Solution Would you agree that the boldface additions are what should be public policy in the "Financial Modernization Act of 1999" {RE: Gramm-Leach-Bliley Act, Title V, Subtitle A, Financial Privacy 15 U.S.C. § 6801-6809} and that the strikeout text is what should be removed?
TITLE V--PRIVACY

Subtitle A--Disclosure of Nonpublic Personal Information

SEC. 501. { NOTE: 15 USC 6801. } PROTECTION OF NONPUBLIC PERSONAL INFORMATION.

(a) Privacy Obligation Policy.--It is the policy of the Congress that each citizen of the United States of America owns and controls the use of their personal identity information and each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.
(b) Financial Institutions Safeguards.--In furtherance of the policy in subsection (a), each agency or authority described

[[Page 113 STAT. 1437]]

in section 505(a) shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards--
(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer; and
(4) to be held responsibe in a cause of action for any damages, injury or irreparable harm caused by the financial institution where such personal identity information entrusted to them falls into the hands of unauthorized persons.

SEC. 502. OBLIGATIONS { NOTE: 15 USC 6802. } WITH RESPECT TO DISCLOSURES OF PERSONAL INFORMATION.

(a) Notice Requirements.--Except as otherwise provided in this subtitle, a financial institution may not, directly or through any affiliate, disclose to a nonaffiliated third party any nonpublic personal information, unless such financial institution provides or has provided to the consumer a notice that complies with section 503.
(b) Opt Out.--Except as otherwise provided in this subtitle, it is assumed that a consumer has directed the financial institution to not disclose their personal information to third parties;
(1) In general.-- A financial institution may not, unless required by law--
(A) disclose the consumer's nonpublic personal information to a third party; or
(B) make a consumers nonpublic personal information accessible on the Internet; or
(C) allow a consumers nonpublic personal information to be exported beyond the jurisdiction of the United States; or
(D) be resident on any marketing related lists, databases, studies, profiles, and the like.
(2) Opt in Exception.--a financial institution may obtain affirmative consent from the consumer to disclose nonpublic personal information.
(1) In general.--A financial institution may not disclose nonpublic personal information to a nonaffiliated third party unless--
(A) such financial institution clearly and conspicuously discloses to the consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 504, that such information may be disclosed to such third party;
(B) the consumer is given the opportunity, before the time that such information is initially disclosed, to direct that such information not be disclosed to such third party; and
(C) the consumer is given an explanation of how the consumer can exercise that nondisclosure option.
(2) Exception.--This subsection shall not prevent a financial institution from providing nonpublic personal information to a nonaffiliated third party to perform services for or functions on behalf of the financial institution, including marketing of the financial institution's own products or services, or financial products or services offered pursuant to joint agreements between two or more financial institutions that comply with the requirements imposed by the regulations prescribed under section 504, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.

(c) Limits on Reuse of Information.--Except as otherwise provided in this subtitle, a nonaffiliated third party that receives from a financial institution nonpublic personal information under this section shall not, directly or through an affiliate of such receiving third party, disclose such information to any other person that is a nonaffiliated third party of both the financial institution and such receiving third party, unless such disclosure would be lawful if made directly to such other person by the financial institution.
(d) Limitations on the Sharing of Account Number Information for Marketing Purposes.--A financial institution

[[Page 113 STAT. 1438]]

shall not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.
(e) General Exceptions.--Subsections (a) and (b) shall not prohibit the disclosure of nonpublic personal information--
(1) as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with--
(A) servicing or processing a financial product or service requested or authorized by the consumer;
(B) maintaining or servicing the consumer's account with the financial institution, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or
(C) a proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer;
(2) with the affirmative consent or at the direction of the consumer;
(3)(A) to protect the confidentiality or security of the financial institution's records pertaining to the consumer, the service or product, or the transaction therein; (B) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; (C) for required institutional risk control, or for resolving customer disputes or inquiries; (D) to persons holding a legal or beneficial interest relating to the consumer; or (E) to persons acting in a fiduciary or representative capacity on behalf of the consumer;
(4) to provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the financial institution, persons assessing the institution's compliance with industry standards, and the institution's attorneys, accountants, and auditors;
(5) to the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978, to law enforcement agencies (including a Federal functional regulator, the Secretary of the Treasury with respect to subchapter II of chapter 53 of title 31, United States Code, and chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951-1959), a State insurance authority, or the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;
(6)(A) to a consumer reporting agency in accordance with the Fair Credit Reporting Act, or (B) from a consumer report reported by a consumer reporting agency;
(7) in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; or
(8) to comply with Federal, State, or local laws, rules, and other applicable legal requirements; to comply with a properly authorized civil, criminal, or regulatory investigation or subpoena or summons by Federal, State, or local authorities; or to respond to judicial process or government regulatory

[[Page 113 STAT. 1439]]

authorities having jurisdiction over the financial institution for examination, compliance, or other purposes as authorized by law.

SEC. 503. { NOTE: 15 USC 6803. } DISCLOSURE OF INSTITUTION PRIVACY POLICY.

(a) Disclosure Required.--At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 504, of such financial institution's policies and practices with respect to--
(1) disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 502, including the categories of information that may be disclosed;
(2) disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution; and
(3) protecting the nonpublic personal information of consumers.
Such disclosures shall be made in accordance with the regulations prescribed under section 504.
(b) Information To Be Included.--The disclosure required by subsection (a) shall include--
(1) the policies and practices of the institution with respect to disclosing nonpublic personal information to nonaffiliated third parties, other than agents of the institution, consistent with section 502 of this subtitle, and including--
(A) the categories, names, titles, legal addresses and telephone numbers of the responsible persons to whom the information is or may be disclosed, except those disclosures required by law, other than the persons to whom the information may be provided pursuant to section 502(e); and
(B) the policies and practices of the institution with respect to disclosing of nonpublic personal information of persons who have ceased to be customers of the financial institution;
(2) the categories and specific types of nonpublic personal information that are collected by the financial institution;
(3) the policies that the institution maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 501; and
(4) the disclosures required, if any, under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act.

SEC. 504. { NOTE: 15 USC 6804. } RULEMAKING.

(a) Regulatory Authority.--
(1) Rulemaking.--The Federal banking agencies, the National Credit Union Administration, the Secretary of the Treasury, the Securities and Exchange Commission, and the Federal Trade Commission shall each prescribe, consistent with section 502, after consultation as appropriate with representatives of State insurance authorities designated by the National Association of Insurance Commissioners, such regulations as may be necessary to carry out the purposes of this subtitle with respect to the financial institutions subject to their jurisdiction under section 505.
(2) Coordination, consistency, and comparability.--Each of the agencies and authorities required under paragraph (1) to prescribe regulations shall consult and coordinate with

[[Page 113 STAT. 1440]]

the other such agencies and authorities for the purposes of assuring, to the extent possible, that the regulations prescribed by each such agency and authority are consistent and comparable with the regulations prescribed by the other such agencies and authorities.
(3) Procedures and deadline.--Such regulations shall be prescribed in accordance with applicable requirements of title 5, United States Code, and shall be issued in final form not later than 6 months after the date of the enactment of this Act.
(b) Authority To Grant Exceptions.--The regulations prescribed under subsection (a) may include such additional exceptions to subsections (a) through (d) of section 502 as are deemed consistent with the purposes of this subtitle.

SEC. 505. { NOTE: 15 USC 6805. } ENFORCEMENT.

(a) In General.--This subtitle and the regulations prescribed thereunder shall be enforced by the Federal functional regulators, the State insurance authorities, and the Federal Trade Commission with respect to financial institutions and other persons subject to their jurisdiction under applicable law, as follows:
(1) Under section 8 of the Federal Deposit Insurance Act, in the case of--
(A) national banks, Federal branches and Federal agencies of foreign banks, and any subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Office of the Comptroller of the Currency;
(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act, and bank holding companies and their nonbank subsidiaries or affiliates (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Board of Governors of the Federal Reserve System;
(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System), insured State branches of foreign banks, and any subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Board of Directors of the Federal Deposit Insurance Corporation; and
(D) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, and any subsidiaries of such savings associations (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Director of the Office of Thrift Supervision.
(2) Under the Federal Credit Union Act, by the Board of the National Credit Union Administration with respect to any federally insured credit union, and any subsidiaries of such an entity.

[[Page 113 STAT. 1441]]

(3) Under the Securities Exchange Act of 1934, by the Securities and Exchange Commission with respect to any broker or dealer.
(4) Under the Investment Company Act of 1940, by the Securities and Exchange Commission with respect to investment companies.
(5) Under the Investment Advisers Act of 1940, by the Securities and Exchange Commission with respect to investment advisers registered with the Commission under such Act.
(6) Under State insurance law, in the case of any person engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled, subject to section 104 of this Act.
(7) Under the Federal Trade Commission Act, by the Federal Trade Commission for any other financial institution or other person that is not subject to the jurisdiction of any agency or authority under paragraphs (1) through (6) of this subsection.
(b) Enforcement of Section 501.--
(1) In general.--Except as provided in paragraph (2), the agencies and authorities described in subsection (a) shall implement the standards prescribed under section 501(b) in the same manner, to the extent practicable, as standards prescribed pursuant to section 39(a) of the Federal Deposit Insurance Act are implemented pursuant to such section.
(2) Exception.--The agencies and authorities described in paragraphs (3), (4), (5), (6), and (7) of subsection (a) shall implement the standards prescribed under section 501(b) by rule with respect to the financial institutions and other persons subject to their respective jurisdictions under subsection (a).
(c) Absence of State Action.--If a State insurance authority fails to adopt regulations to carry out this subtitle, such State shall not be eligible to override, pursuant to section 47(g)(2)(B)(iii) of the Federal Deposit Insurance Act, the insurance customer protection regulations prescribed by a Federal banking agency under section 47(a) of such Act.
(d) Definitions.--The terms used in subsection (a)(1) that are not defined in this subtitle or otherwise defined in section 3(s) of the Federal Deposit Insurance Act shall have the same meaning as given in section 1(b) of the International Banking Act of 1978.

SEC. 506. PROTECTION OF FAIR CREDIT REPORTING ACT.

(a) Amendment.--Section 621 of the Fair Credit Reporting Act (15 U.S.C. 1681s) is amended--
(1) in subsection (d), by striking everything following the end of the second sentence; and
(2) by striking subsection (e) and inserting the following:
``(e) Regulatory Authority.--
``(1) The Federal banking agencies referred to in paragraphs (1) and (2) of subsection (b) shall jointly prescribe such regulations as necessary to carry out the purposes of this Act with respect to any persons identified under paragraphs (1) and
(2) of subsection (b), and the Board of Governors of the Federal Reserve System shall have authority to prescribe regulations consistent with such joint regulations with respect to bank

[[Page 113 STAT. 1442]]

holding companies and affiliates (other than depository institutions and consumer reporting agencies) of such holding companies.
``(2) The Board of the National Credit Union Administration shall prescribe such regulations as necessary to carry out the purposes of this Act with respect to any persons identified under paragraph (3) of subsection (b).''.
(b) Conforming Amendment.--Section 621(a) of the Fair Credit Reporting Act (15 U.S.C. 1681s(a)) is amended by striking paragraph (4).
(c) Relation { NOTE: 15 USC 6806. } to Other Provisions.--Except for the amendments made by subsections (a) and (b), nothing in this title shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act, and no inference shall be drawn on the basis of the provisions of this title regarding whether information is transaction or experience information under section 603 of such Act.

SEC. 507. { NOTE: 15 USC 6807. } RELATION TO STATE LAWS.

(a) In General.--This subtitle and the amendments made by this subtitle shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such statute, regulation, order, or interpretation is inconsistent with the provisions of this subtitle, and then only to the extent of the inconsistency.
(b) Greater Protection Under State Law.--For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this subtitle if the protection such statute, regulation, order, or interpretation affords any person is greater than the protection provided under this subtitle and the amendments made by this subtitle, as determined by the Federal Trade Commission, after consultation with the agency or authority with jurisdiction under section 505(a) of either the person that initiated the complaint or that is the subject of the complaint, on its own motion or upon the petition of any interested party.

SEC. 508. STUDY { NOTE: 15 USC 6808. } OF INFORMATION SHARING AMONG FINANCIAL AFFILIATES.

(a) In General.--The Secretary of the Treasury, in conjunction with the Federal functional regulators and the Federal Trade Commission, shall conduct a study of information sharing practices among financial institutions and their affiliates. Such study shall include--
(1) the purposes for the sharing of confidential customer information with affiliates or with nonaffiliated third parties;
(2) the extent and adequacy of security protections for such information;
(3) the potential risks for customer privacy of such sharing of information;
(4) the potential benefits for financial institutions and affiliates of such sharing of information; (5) the potential benefits for customers of such sharing of information;
(6) the adequacy of existing laws to protect customer privacy;
(7) the adequacy of financial institution privacy policy and privacy rights disclosure under existing law;

[[Page 113 STAT. 1443]]

(8) the feasibility of different approaches, including opt- out and opt-in, to permit customers to direct that confidential information not be shared with affiliates and nonaffiliated third parties; and
(9) the feasibility of restricting sharing of information for specific uses or of permitting customers to direct the uses for which information may be shared.
(b) Consultation.--The Secretary shall consult with representatives of State insurance authorities designated by the National Association of Insurance Commissioners, and also with financial services industry, consumer organizations and privacy groups, and other representatives of the general public, in formulating and conducting the study required by subsection (a).
(c) Report.--On { NOTE: Deadline. } or before January 1, 2002, the Secretary shall submit a report to the Congress containing the findings and conclusions of the study required under subsection (a), together with such recommendations for legislative or administrative action as may be appropriate.

SEC. 509. { NOTE: 15 USC 6809. } DEFINITIONS.

As used in this subtitle:
(1) Federal banking agency.--The term ``Federal banking agency'' has the same meaning as given in section 3 of the Federal Deposit Insurance Act.
(2) Federal functional regulator.--The term ``Federal functional regulator'' means--
(A) the Board of Governors of the Federal Reserve System;
(B) the Office of the Comptroller of the Currency;
(C) the Board of Directors of the Federal Deposit Insurance Corporation;
(D) the Director of the Office of Thrift Supervision;
(E) the National Credit Union Administration Board; and
(F) the Securities and Exchange Commission.
(3) Financial institution.--
(A) In general.--The term ``financial institution'' means any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Company Act of 1956.
(B) Persons subject to cftc regulation.-- Notwithstanding subparagraph (A), the term ``financial institution'' does not include any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act.
(C) Farm credit institutions.--Notwithstanding subparagraph (A), the term ``financial institution'' does not include the Federal Agricultural Mortgage Corporation or any entity chartered and operating under the Farm Credit Act of 1971.
(D) Other secondary market institutions.-- Notwithstanding subparagraph (A), the term ``financial institution'' does not include institutions chartered by Congress specifically to engage in transactions described in section 502(e)(1)(C), as long as such institutions do not sell or

[[Page 113 STAT. 1444]]

transfer nonpublic personal information to a nonaffiliated third party.
(4) Nonpublic personal information.--
(A) The term ``nonpublic personal information'' means personally identifiable financial information--
(i) provided by a consumer to a financial institution;
(ii) resulting from any transaction with the consumer or any service performed for the consumer; or
(iii) otherwise obtained by the financial institution.
(B) Such term does not include publicly available information, as such term is defined by the regulations prescribed under section 504, but shall at least include any medical, health and biometric information; and key personal identity information targeted by identity thieves such as-- a social security number, driver's license number, maiden name, age, date of birth, gender, marital status, race, religion or color; and any userid, username, password, keyword, key-phrase, and the like.
(C) Notwithstanding subparagraph (B), such term--
(i) shall include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any nonpublic personal information other than publicly available information; but
(ii) shall not include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any nonpublic personal information.
(5) Nonaffiliated third party.--The term ``nonaffiliated third party'' means any entity that is not an affiliate of, or related by common ownership or affiliated by corporate control with, the financial institution, but does not include a joint employee of such institution.
(6) Affiliate.--The term ``affiliate'' means any company that controls, is controlled by, or is under common control with another company.
(7) Necessary to effect, administer, or enforce.--The term ``as necessary to effect, administer, or enforce the transaction'' means--
(A) the disclosure is required, or is a usual, appropriate, or acceptable method, to carry out the transaction or the product or service business of which the transaction is a part, and record or service or maintain the consumer's account in the ordinary course of providing the financial service or financial product, or to administer or service benefits or claims relating to the transaction or the product or service business of which it is a part, and includes--
(i) providing the consumer or the consumer's agent or broker with a confirmation, statement, or other record of the transaction, or information on the status or value of the financial service or financial product; and
(ii) the accrual or recognition of incentives or bonuses associated with the transaction that are provided by the financial institution or any other party;
(B) the disclosure is required, or is one of the lawful or appropriate methods, to enforce the rights of the financial institution or of other persons engaged in carrying out the financial transaction, or providing the product or service;
(C) the disclosure is required, or is a usual, appropriate, or acceptable method, for insurance underwriting at the

[[Page 113 STAT. 1445]]

consumer's request or for reinsurance purposes, or for any of the following purposes as they relate to a consumer's insurance: Account administration, reporting, investigating, or preventing fraud or material misrepresentation, processing premium payments, processing insurance claims, administering insurance benefits (including utilization review activities), participating in research projects, or as otherwise required or specifically permitted by Federal or State law; or
(D) the disclosure is required, or is a usual, appropriate or acceptable method, in connection with--
(i) the authorization, settlement, billing, processing, clearing, transferring, reconciling, or collection of amounts charged, debited, or otherwise paid using a debit, credit or other payment card, check, or account number, or by other payment means;
(ii) the transfer of receivables, accounts or interests therein; or
(iii) the audit of debit, credit or other payment information.

(8) State insurance authority.--The term ``State insurance authority'' means, in the case of any person engaged in providing insurance, the State insurance authority of the State in which the person is domiciled.
(9) Consumer.--The term ``consumer'' means an individual who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes, and also means the legal representative of such an individual.
(10) Joint agreement.--The term ``joint agreement'' means a formal written contract pursuant to which two or more financial institutions jointly offer, endorse, or sponsor a financial product or service, and as may be further defined in the regulations prescribed under section 504.
(11) Customer { NOTE: Regulations. } relationship.--The term ``time of establishing a customer relationship'' shall be defined by the regulations prescribed under section 504, and shall, in the case of a financial institution engaged in extending credit directly to consumers to finance purchases of goods or services, mean the time of establishing the credit relationship with the consumer.
(12) Affirmative Consent.-- The term ``affirmative consent'' shall be defined as the consumer's express written consent of agreement to a clear and conspicuous written request from a financial institution and such request shall not be a condition of doing business with the financial institution.

SEC. 510. { NOTE: 15 USC 6801 note. } EFFECTIVE DATE.

This subtitle shall take effect 6 months after the date on which rules are required to be prescribed under section 504(a)(3), except--
(1) to the extent that a later date is specified in the rules prescribed under section 504; and
(2) that sections 504 and 506 shall be effective upon enactment.

[[Page 113 STAT. 1446]]
 
Another Solution: The GLBA does not prohibit charging a fee to anyone who sells your personal information or is financially enriched by such activities. There is no law that prohibits you from setting conditions regarding the use, sharing, disclosure, etc. of your personal information either. These are completely unregulated activities just like finance charges, late fees and other service fees. So ... get yourself into the profit stream by setting fees for the use of your personal information! This will also establish a basis for damages when your identity is stolen. This Personal Privacy Notice [click here] can be personalized by changing the HTML details in the URL. Try it.
What inspired us most? click here
Congress Has NOT Treated Consumers Fairly or Equitably! click here
The credit card industry gleans more revenue from fees than from finance charges! click here
Why is a Privacy Notice necessary?
Prevent identity theft with a Personal Privacy Notice.
Prevent identity theft with a Personal Privacy Notice (printable version).
Sample letters to send to Opt-Out of third-party personal identity information sharing.
List of Opt-Out mailing addresses