Footnote 1:  GLBA, Subtitle A, uses the terms “consumer” and “customer.” GLBA, Section 509(9), defines “consumer” as an individual (or legal representative) who obtains, from a financial institution, financial products or services that are to be used primarily for personal, family, or household purposes. The FDIC’s Rules and Regulations, Section 332.3, implements GLBA Section 509(11) by defining “customer relationship” as a continuing relationship between a consumer and the financial institution that provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. This report uses “consumer” unless, in the particular context, “customer” would be more appropriate.

Footnote 2:  The GLBA requires financial institutions to provide notices describing the type of information they intend to share with third parties and how customers may "opt out," or say "no," to information sharing under certain circumstances.

Footnote 3:  According to section 3 of the Federal Deposit Insurance Act, “[t]he term ‘Federal banking agency’ means the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Board of Governors of the Federal Reserve System, or the Federal Deposit Insurance Corporation.”

Footnote 4:  FCRA, Section 603, defines “consumer” as “an individual.” Also, FCRA Section 603 defines the term “consumer reporting agency” as “any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.”

Footnote 5:  FCRA, Section 603, defines "consumer report" as any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living, which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for: (1) credit or insurance to be used primarily for personal, family, or household purposes; (2) employment purposes; or (3) any other purpose authorized under section 604.

Footnote 6:  For these five provisions, the FACT Act states that the federal banking agencies, NCUA, and FTC shall either jointly or in coordination, establish and maintain guidelines, and prescribe regulations. For provisions requiring coordination, the FACT Act states that each agency required to prescribe regulations shall consult and coordinate with each other so that, to the extent possible, the regulations prescribed are consistent and comparable.

Footnote 7:  On September 26, 2003, the OIG issued Audit Report No. 03-044. The objective of the audit was to determine whether the FDIC had made reasonable progress in implementing the GLBA Title V privacy provisions.

Footnote 8:  Section 501(b), Disclosure of Nonpublic Personal Information, requires each agency to establish appropriate standards for the financial institutions under their jurisdiction relating to administrative, technical, and physical safeguards. Specifically, the standards are to (1) ensure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer. On February 1, 2001, the federal banking regulators issued a final rule under FDIC Rules and Regulations Part 364, Standards for Safety and Soundness, Appendix B, Interagency Guidelines Establishing Standards for Safeguarding Customer Information. On August 28, 2001, the FDIC issued Regional Directors Memorandum (RDM) 2001-032, Examination Procedures to Evaluate Customer Information Safeguards, to distribute examination procedures to determine compliance with Appendix B to Part 364.

Footnote 9:  VoIP refers to the delivery of traditional telephone voice communications over the Internet.

Footnote 10:  The FFIEC, established in March 1979, is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the FDIC, NCUA, Office of the Comptroller of the Currency, and Office of Thrift Supervision and to make recommendations to promote uniformity in the supervision of financial institutions.

Footnote 11:  The goals are stated in the FDIC 2005-2010 Strategic Plan and the FDIC 2005 Annual Performance Plan.

Footnote 12:  The FDIC periodically publishes Consumer Alerts on its Web site to provide consumers information on emerging and continuing issues, including fraudulent efforts to obtain consumer information and on new laws that provide consumers with new opportunities or protections. The most recent Consumer Alerts topics include phishing scams, identity theft, and the Check Clearing for the 21st Century Act, FACT Act, and GLBA.

Footnote 13:  Under Subtitle A, the term “affiliate” means any company that controls, is controlled by, or is under common control with another company.

Footnote 14:  Part 332 applies to financial institutions for which the FDIC has primary supervisory authority, including state-charted institutions that are not members of the Federal Reserve System, insured state branches of foreign banks, and certain subsidiaries of such entities.