The Gramm-Leach-Bliley Act:
Respecting the Privacy of Our Customers

You may not know this, but as the customer of an accountant, accounting firm or tax-return preparer, you are entitled to certain privacy rights when it comes to the disclosure of your personal information.

To legally ensure the protection of your privacy, the Federal Trade Commission recently published the Gramm-Leach-Bliley (GLB) Act, which became effective as of November 13, 2000. The Act establishes federal regulations regarding the disclosure of your personal financial information by financial institutions like those listed above. These institutions are formally defined by the Act as any "person, business or firm preparing an individual's tax return or providing financial, economic or investment advisory advice to an individual."

The GLB Act is, however, limited only to individual customers who use the financial institution's services or products primarily for personal, family or household purposes. If you used that same institution's services for a business or organizational purpose, this Act would not apply to you.

What does the Gramm-Leach-Bliley Act mean to you?
The Act states that each institution "has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality" of their nonpublic information. What this means is that your accountant, accounting firm or tax preparer must officially adopt a policy regarding the privacy of your "nonpublic" personal information and then notify you of this policy no later than July 1, 2001, whether or not they are even participating in third-party disclosure statements. This notification must be provided to you annually and is required to contain:

  1. An outline of the institution's policies, describing the conditions under which nonpublic personal information will or may be disclosed to nonaffiliated third parties.
  2. An opportunity to "opt out" of any disclosure of such information if that is your preference.
  3. A reasonable means by which you may "opt out" of disclosure, such as check-off boxes, a reply form, a toll-free number to call, or an e-mail address to reply to.
  4. A reasonable period of time to "opt out" before the information is disclosed.

If, as a customer, you receive this notice and choose not to "opt out," the institution then has the right to disclose certain nonpublic personal information to any nonaffiliated third party it chooses. If you do choose to "opt out" and you respond within the time frame allowed, the institution will be prohibited from releasing any of your personal information.

What constitutes "nonpublic" personal information?
Nonpublic personal information is defined in the Act as "personally identifiable financial information" that is (1) provided by a consumer to a financial institution; (2) resulting from any transaction with the consumer or any service performed for the consumer; or (3) otherwise obtained by the financial institution. This could include your bank or credit account numbers or balance information, credit or debit card purchase information, anything found on your consumer report or any information that states that you have been the customer of a particular financial institution.

The Act also includes in the definition any "list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any nonpublic personal information other than publicly available." What this means is that if you are on a list of names or addresses that was derived from any account number you hold, and that account number is not publicly available, this list would be considered "nonpublic" information. But a list of names and addresses derived from a public source, such as a telephone book, would be considered "public" personal information.

Who is considered a "nonaffiliated" third party?
The GLB Act regulates the sharing of information with "nonaffiliated" third parties. The Act does not, however, restrict the disclosure of information within an organization or to affiliates who are tied together through common control, i.e., a bank holding company or a financial holding company.

An "affiliate" is defined as a company which "controls," is "controlled" by, or is under common "control" with another company. "Control" is generally defined as ownership, control, or power to vote 25% or more of the outstanding shares of any class of voting shares of a company or as the power to exercise a controlling influence over the management or policies of the company. So by contrast, a general definition of a "nonaffiliated third party" is anyone who is not considered to be an affiliate of the financial institution you use.

For example, if a major partner in the accounting firm you deal with also owned over 25% of the stock in a banking institution, the banking institution would be considered an "affiliate" and your financial information could be shared with that bank by your accountant without your permission. On the other hand, if the major partner in the accounting firm only owned 10% of the bank's stock, or none at all, the bank would be a "nonaffiliated third party" and the accountant would need your permission to share any of your nonpublic personal information with that bank.

Where can you get more information?
If you're interested in finding out more about your privacy rights, a detailed compliance summary of the Gramm-Leach-Bliley Act is available online at www.greatland.com/privacy. The summary contains definitions and examples intended to provide guidance on how the regulations would apply in specific cases. While there is not an example for every potential case, these cases can be helpful in clearing up any questions you may have regarding your own rights.

© Copyright 2001, Reid & Associates CPA, LLC