Download the Code of Federal Regulations in XML.
The Electronic Code of Federal Regulations (e-CFR) is a regularly updated, unofficial editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.
Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF
Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.
Purchase individual CFR titles from the U.S. Government Online Bookstore.
Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.
Electronic Code of Federal Regulations
Title 12: Banks and Banking
§216.15 Other exceptions to notice and opt out requirements.
(a) Exceptions to opt out requirements. The requirements for initial notice in §216.4(a)(2), for the opt out in §§216.7 and 216.10, and for service providers and joint marketing in §216.13 do not apply when you disclose nonpublic personal information:
(1) With the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction;
(2)(i) To protect the confidentiality or security of your records pertaining to the consumer, service, product, or transaction;
(ii) To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;
(iii) For required institutional risk control or for resolving consumer disputes or inquiries;
(iv) To persons holding a legal or beneficial interest relating to the consumer; or
(v) To persons acting in a fiduciary or representative capacity on behalf of the consumer;
(3) To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating you, persons that are assessing your compliance with industry standards, and your attorneys, accountants, and auditors;
(4) To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including a federal functional regulator, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21 (Financial Recordkeeping), a State insurance authority, with respect to any person domiciled in that insurance authority's State that is engaged in providing insurance, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;
(5)(i) To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), or
(ii) From a consumer report reported by a consumer reporting agency;
(6) In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; or
(7)(i) To comply with Federal, State, or local laws, rules and other applicable legal requirements;
(ii) To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local authorities; or
(iii) To respond to judicial process or government regulatory authorities having jurisdiction over you for examination, compliance, or other purposes as authorized by law.
(b) Examples of consent and revocation of consent. (1) A consumer may specifically consent to your disclosure to a nonaffiliated insurance company of the fact that the consumer has applied to you for a mortgage so that the insurance company can offer homeowner's insurance to the consumer.
(2) A consumer may revoke consent by subsequently exercising the right to opt out of future disclosures of nonpublic personal information as permitted under §216.7(f).