Posted on December 09, 2020
In a word: yes.
If you’ve ever applied for a loan, you know that banks and credit unions collect a lot of personal financial information from you, such as your income and credit history. And it’s not uncommon for lenders to then share your information with other vendors, such as insurance companies after the loan is finalized. But why do banks and credit unions share your information and what protections are available to consumers to ensure their privacy?
Today’s WatchBlog explores ournew reporton this issue. You can also tune in to our new podcast with GAO consumer protection and privacy experts Alicia Puente Cackley and Nick Marinos to learn more.
Transcript
What types of information do banks collect and why?
Banks and credit unions collect and use many types of personal information to conduct everyday business activities and to market products and services. The information banks collect may be used to create bank statements, monitor for fraud, and determine credit eligibility.
Banks and credit unions also gather information about consumers’ online activities. This information may not identify an individual, but can be used for marketing. For example, when consumers access a financial institution’s website and use mobile or online services, banks and credit unions collect information about their social media and browsing activities, type of computer or mobile device, and network address. Banks mainly use this information to ensure their websites function properly, detect and prevent fraud, and per ourreport, to tailor advertisem*nts.
Why do banks share your information?
The personal information banks collect and share helps them approve customers for services like loans and set up accounts. But it is also helps them and their marketing partners determine whether they should offer other products and services. Banks share information with various types of third-party vendors including:
- financial companies like mortgage bankers, securities brokers-dealers, and insurance agents;
- retailers (for example, home improvement stores), magazine publishers, airline companies, and direct marketers;
- companies that deliver services on behalf of the lender (for example, mortgage servicers), and government agencies and nonprofits.
Are they allowed to share your information?
Again, the answer is yes. But, banks and credit unions are also required to have processes in place to protect the personal information they collect, use, and share with third parties. Also, customers can opt out of having their information shared under certain conditions. The primary law that governs how financial institutions can use or share personal information about consumers is the Gramm-Leach-Bliley Act of 1999. This law prohibits a financial institution from disclosing a consumer’s nonpublic personal information like your Social Security number, income, and outstanding debt to companies that are not related to the financial institution. Consumers have the right to opt out of some, but not all, sharing of their personal information. There are exceptions. For example, banks don’t have to let you opt out when transferring your information to their loan servicer.
To learn more about this topic and consumer protections, check outour report.And to learn more about our portfolio of work on this topic check out our key issues page onConsumer Financial Protections.
- Comments on GAO’s WatchBlog? Contactblog@gao.gov.
Topics
Business Regulation and Consumer Protection
Information Security
Consumer Financial Protection Bureau
Consumer protection
Consumer protection laws
Cybersecurity
Banking
Banking law
Financial Markets and Community Investment
Information Technology and Cybersecurity
GAO Contacts
Alicia Puente Cackley
Director
cackleya@gao.gov
(202) 512-8678
Nick Marinos
Managing Director
MarinosN@gao.gov
(202) 512-9342
