About the AG

  • Subscribe to the AG's RSS Feed
  • Join the AG's FaceBook
  • Follow the AG on Twitter
  • View the AG's YouTube Channel
  • View the AG's Tumblr Page

Your Financial Privacy Rights

Get control of your financial information

Controlling your personal information is an important part of personal privacy. Personal financial information is among the most sensitive of all personal information. Personal financial information includes what you put on an application for a loan or credit card, your account balances, your payment history, your overdraft history, and where you make purchases by debit or credit card. In some instances, it can even include medical information.

You have rights

California and federal laws allow consumers to put limits on what banks and other financial companies can do with your personal financial information1 California law gives you more rights to limit the sharing of your personal financial information. The laws apply to banks, credit unions, savings and loans, credit card companies, insurance companies and other financial service companies.2

When they have to ask you first

Under California law, financial service companies must get your permission first, before they can share your personal financial information with outside companies. This does not apply to sharing with outside companies that offer financial products or services. You have a right to "opt out" of information sharing with outside companies for those purposes. See below for more on how to opt out.

Notices sent to consumers

Both state and federal laws require financial companies to notify their customers of their privacy rights every year. The first federal notices were often written in legal language that was hard to understand, but some companies have improved their notices since then.3 California law requires a notice that is clear and easy to read. The California notice, titled "Important Privacy Choices for Consumers," lets you check off your choices on the sharing of your personal information. You may receive the California financial privacy notice enclosed with the federal notice, or it may come separately.4

When you can say no

California law lets you tell your bank and other financial companies that you do not want them to share your personal financial information in some cases. You can say no to, or opt out of, having your information shared with outside companies that offer financial products or services. You also have the right to opt out of some information sharing with some companies owned or controlled by your financial company (called "affiliates").5

How to say no, or how to "opt out."

"Opting out" means that if you say "no," then the company must follow your wishes. But if you say nothing, if you do not opt out, then the company is free to share your information. It's easy to opt out on the California "Important Privacy Choices for Consumers" form. Simply check the boxes to indicate your choices and mail the form in the pre-addressed envelope provided. The company may also allow you to opt out by e-mail or by calling a toll-free phone number. It is still a good idea to mail in the form to create a record of your action. You do not have to opt out every year. Your financial institutions must continue to follow your opt-out decision until you change it.

It's not too late

It's never too late to opt-out, even if you did not reply to the privacy notices right away. If you didn't reply within 45 days, then your financial company may have already started sharing your information. But you have a continuing right to opt out and you can prevent future sharing of more current information.

What if you think your privacy rights were violated?

You can make a complaint under the California law to the California Attorney General or to a state or federal agency that regulates financial companies. The agency may investigate your complaint and may take action against the financial company. But the agency can't represent you. You may also file a complaint under the federal law with a federal agency.6

Before filing a complaint, consider writing a letter to the financial company. In your letter, explain why you think the company violated the law and what you would like it to do for you. Ask for a specific response within a reasonable time (for example, 30 days).

State Government Agencies

The following state government agencies can enforce the privacy protections in the California Financial Information Privacy Act.

California Department of Insurance

Regulates insurance industry in California. Enforces both federal and state privacy laws.

Department of Insurance
Consumer Communications Bureau
300 So. Spring St.
Los Angeles, CA 90013

800-927-HELP (927-4357)
213-897-8921
www.insurance.ca.gov
e-mail: 927HELP@insurance.ca.gov

California Department of Financial Institutions

Regulates banks, savings associations, credit unions, commercial lending companies, issuers of travelers check, transmitters of money abroad and others.

Department of Financial Institutions
Consumer Services
1810 13th Street
Sacramento, CA 95814

1-800-622-0620
www.dfi.ca.gov

California Department of Corporations

Regulates investment brokers and dealers, investment companies, investment advisors, residential mortgage lenders, and finance lenders.

Department of Corporations
Consumer Services Office
1515 K Street, Suite 200
Sacramento, CA 95814

1-866-ASK-CORP (275-2677)
www.corp.ca.gov/Forms/Complaint.asp

California Office of Attorney General

Enforces privacy law on financial service companies not regulated by the state financial regulators.

Office of Attorney General
California Department of Justice
Attn: Public Inquiry Unit
P.O. Box 944255
Sacramento, CA 94244-2550

1-800-952-5225
oag.ca.gov/consumers/general

Federal Government Agencies

The following federal government agencies can enforce the privacy protections in the federal and state laws listed above.

Federal Trade Commission

Investigates consumer fraud outside the jurisdiction of other federal agencies.

FTC, Bureau of Consumer Protection
CRC-240
Washington, DC 20580

877-FTC-HELP (877-382-4357)
www.ftc.gov/bcp/index.shtml
email: consumerline@ftc.gov

Federal Reserve Board

Regulates banks other than national banks and branches of foreign banks.

Federal Reserve
Consumer & Community Affairs
20th & C Streets, NW Stop 801
Washington, D.C. 20551

202-452-3693
www.federalreserveconsumerhelp.gov/?District=13

Office of the Comptroller of the Currency

Regulates national banks and branches of foreign banks.

OCC, Customer Assistance Group
1301 McKinley St., Suite 3710
Houston, TX 77010

800-613-6743
www.occ.gov/topics/consumer-protection/index-consumer-protection.html
email: customer.assistance@occ.treas.gov

Office of Thrift Supervision

Regulates federal savings associations and savings banks and state-chartered savings associations.

OTS, Consumer Complaints
1700 G Street, NW
Washington, DC 20552

800-842-6929
www.ots.treas.gov/?p=ConsumerComplaintsInquiries
email: consumer.complaint@ots.treas.gov

Securities and Exchange Commission

Oversees stock exchanges, broker-dealers and associates, and investment advisers.

SEC Complaint Center
Investor Education & Assistance
450 Fifth St., NW
Washington, DC 20549

202-942-7040
www.sec.gov/complaint/select.shtml

National Credit Union Administration

Regulates federal credit unions.

GLB & FCRA Address:
NCUA
Director, Division of Supervision
2300 Clayton Rd., Suite 1350
Concord, CA 94520

www.ncua.gov/Resources/FraudAlert/index.aspx

Notes

1The Financial Services Modernization Act, or Gramm-Leach-Bliley Act, 15 U.S. Code §§ 6801-6810. Known as the "GLB Act," the law allows financial institutions, insurance companies and investment companies to merge, becoming what have been called "one-stop financial supermarkets." It also provides some consumer privacy rights and requires security safeguards for personal information. The California Financial Information Privacy Act (FIPA), Financial Code §§ 4050-4060, gives California consumers additional rights to limit the sharing of their personal financial information by financial service companies doing business in California. Back to link 1

2The GLB Act and FIPA consider a broad array of businesses to be "financial institutions," including, for example, retailers that issue their own credit cards directly to consumers, real estate appraisers, mortgage brokers, career counselors in the finance area, check printing businesses, and accountants who prepare tax returns. Back to link 2

3The federal GLB Act privacy notices are required to include the following information: how the customer's personal financial information is collected, how the customer's information is used, and how the customer could "opt-out" or choose not to have personal financial information shared with some outside or "third-party" companies. Back to link 3

4FIPA requires the notice, among other things, to be on a single page; be titled "Important Privacy Choices for Consumers;" use the headers, if applicable, "Restrict Information Sharing With Companies We Own Or Control (Affiliates)" and "Restrict Information Sharing With Other Companies We Do Business With To Provide Financial Products And Services"; use text in no smaller than 10-point type; provide choices that may be selected by checking a box; use sentences averaging 15 to 20 words or bullet lists where possible; and avoid multiple negatives, legal terminology and highly technical terminology whenever possible. See Financial Code § 4053(d)(1) for details. Back to link 4

5The affiliate sharing provisions of FIPA are being contested in court and may be ruled as preempted by federal law. FIPA provides an opt-out right over sharing with affiliates other than those affiliated companies that are regulated by the same functional regulator, engaged in the same line of business and share a common brand. If the California provision were preempted, then the limited opt-out right in the federal Fair Credit Reporting Act (FCRA) would apply. The FCRA allows a consumer to opt out of having "creditworthiness information" shared with affiliates. This is information such as payment history and credit score. Federal law does not allow consumers to stop a company from sharing the more sensitive "transaction and experience information" with affiliates. Transaction and experience information includes, for example, what items are charged on a credit card. Back to link 5

6You can't go to court to sue the company under FIPA or the GLB Act. Under the FCRA, you have the right to sue a credit reporting agency in federal or state court. You could recover damages from violators of the FCRA. Back to link 6

This fact sheet is for informational purposes and should not be construed as legal advice or as policy of the State of California. If you want advice on a particular case, you should consult an attorney or other expert. The fact sheet may be copied, if (1) the meaning of the copied text is not changed or misrepresented, (2) credit is given to the California Department of Justice, and (3) all copies are distributed free of charge.

Megan's Law

California Registered Sex Offender Database

Search Now

Megan's Law information is also available in these languages:

Site Navigation

Translate Website

  • Google™ Translation Disclaimer

This Google™ translation feature is provided for informational purposes only.

The Office of the Attorney General is unable to guarantee the accuracy of this translation and is therefore not liable for any inaccurate information resulting from the translation application tool.

Please consult with a translator for accuracy if you are relying on the translation or are using this site for official business.

If you have any questions please contact:Bilingual Services Program at (916) 324-5482

A copy of this disclaimer can also be found on our Disclaimer page.

Select a Language Below / Seleccione el Idioma Abajo

Close this box or use the [ X ]