The regulators did not provide any model contract language, so what you use will depend on your preferred way of approaching a contractual matter like this. Some experts would advocate putting the clause in context by including other information about the background of the privacy protections under GLB. Others would say that all you need is the language that actually restricts the further dissemination of the customer's information. At a minimum, you will need to be very clear about exactly what information is at issue. You can describe it by category and give examples (as you will do in your privacy notices). I think it wouldn't hurt to say, "as required by subsection ___.13 of the GLB privacy rules. . ." You would want to use the actual citation from your regulatory agency's rule. (12 CFR 40.13 for OCC, 12 CFR216.13 for FRB, 12 CFR 332.13 for FDIC, 12 CFR 573.13 for OTS.) Then, I would suggest closely tracking the language in the actual rule to describe what is prohibited, such as:________ (the joint marketer) understands and agrees that it is prohibited under the terms of this contract, (in accordance with 12 CFR 332.13) from disclosing or using the following nonpublic personal information of our customers (and consumers, if applicable!) in any manner other than to carry out the purposes for which the bank disclosed the information, including use under an exception in 12 CFR 332.14 or 332.15 in the ordinary course of business to carry out those purposes. [then you would list the categories and examples of NPI covered and you would describe the purposes for which you disclosed it.]
First published on BankersOnline.com 2/5/01
Privacy & Joint Marketing: Specific Contract Language
Question:
In order to use Exception 40.13 in the Privacy Reg, specific language has to be in the contract with the institution you will be joint marketing information. Is there specific language that is to be used in order to meet this?
Answer: