This is a user sandbox of Angryflyingdolphins. You can use it for testing or practicing edits. This is not the place where you work on your assigned article for a dashboard.wikiedu.org course. Visit your Dashboard course page and follow the links for your assigned article in the My Articles section. Get Help

== Article Bibliography ==

1. Benoit Michael A. and Nicole Munro. 2001. “Recent federal privacy initiatives affecting the electronic delivery of financial services.” The Business Lawyer 56(3):1143-56.
   • “Recent Federal Privacy Initiatives Affecting the Electronic Delivery of Financial Services” by Michael A. Benoit and Nicole Munro discusses the Gramm-Leach-Bliley Act (GLB) and its effect on online financial services. According to the authors, GLB is a very broad act that was passed to undo depression era regulations. However, due to the increasing relevance of e-commerce and the ability to manipulate information from the internet, the act was expanded to include stronger financial privacy regulations. Much of the privacy aspect of the act revolved around Title V of the act which required financial institutions to notify customers about their privacy policies, inform customers about the conditions in which their information would be shared with unaffiliated parties, and give customers a way to prevent their information from being disclosed. However, there are exemptions to each of the three fundamental rules. For example, if customer data is used for marketing by the customer’s financial institution, then the data can be disclosed without ever notifying the customer. Information disclosures are also automatically allowed if the data in question is used for an investigation regarding public safety. In another case, if a single financial product is owned by two or more parties, then the financial institutions are only required to notify one of the parties. Since Title V of the GLB Act is so broad, the FTC is worried that the law would be too powerful. Hoping to alleviate their concerns, the agency recommended the creation of an implementation agency that would provide detailed interpretations of Title V. The authors concluded that Title V of the GLB Act was the beginning of a wave of financial privacy regulations and that there would be a need for more defined regulations. The content in this article is reliable as all the information was gathered from primary sources from the government. The authors were unbiased as the content was only summarized and provided without opinion. The content was easy to read, and its target was scholars and analysts looking at privacy laws. This source will help provide an outline for my article since Title V of the Gramm-Leach-Bliley Act is one of the most influential financial privacy laws.
2. Cuaresma, Jolina C. 2002. “The Gramm-Leach-Bliley Act.” Berkeley Technology Law Journal 17(1):497-517.
   • “The Gramm-Leach-Bliley Act” by Jolina C. Cuaresma discusses The Gramm-Leach-Bliley Act (GLB) and its effects on the finance industry. Cuaresma explains that the GLB effectively ended depression era regulations which allowed financial institutions of different practices to merge. Mergers meant that financial information could be shared with new levels of efficiency. To combat that, privacy regulations were put in place in the form of GLB. GLB limits the ways in which companies handle and share consumer data. Information protection is elaborated in three sections. The first section forces companies to create privacy policies, the second section requires companies to disclose their privacy policies, and the third section bans the sharing of information with outside actors with a few exceptions. Although the regulations put forth by GLB seem effective, Cuaresma explains why they are not. She claims that the act provides only some protection due to the broad and undefined language in the act. Without clear explanation, regulation is open to interpretation which may work against consumers.  She also claims that being informed about privacy policies does not protect consumers as the policies are often intentionally complex and convoluted to prevent consumer understanding.  Consumers are also not empowered enough to do anything if financial institutions refuse to comply. There are also no rules in the act that punish financial institutions noncompliance. As a result of all the holes in the act, Cuaresma concludes that financial institutions still hold leverage when it comes to financial privacy. This source is very reliable as it was written by a UC Berkeley Law lecturer for a peer reviewed journal. All the sources the author used came directly from the government or scholarly articles. The article was intended for policy and privacy researchers. There is no bias as criticisms were drawn from studies done on the policy. This source changed my view on the GLB Act as the regulation has little to no effect. This article is somewhat useful. I already knew most of the facts presented in this article. However, there are some new, valid criticism that would work well in a criticism subsection in my article.
3. Doheny, Donald A. Sr. and John Graydon Forrer. 1992. “Electronic Access to Account Information and Financial Privacy.” Banking Law Journal 109(5):436-455.
   • “Electronic Access to Account Information and Financial Privacy” by Donald A. Doheny Sr. and John Graydon Forrer examines how developments throughout the world has allowed easy electronic access to account information and how financial privacy has evolved to better protect consumers. According to the authors, two significant threats to financial privacy has been snooping and scamming. The ability to transfer funds electronically has sacrificed security, which has given third parties the ability to snoop on other people’s lives. Telemarketing has also allowed scamming as malicious actors scam unknowing consumers for their account information. The authors go on to state that the banks have a duty of secrecy as its contracts with depositors clearly says that the financial institution will only disclose consumer information if the law requires it or the consumer provides consent. The court also clarifies 4 situations in which banks can release information. First is when the law requests the information, second is when it is for duty to the public, third is when it is in the interest of the bank, and fourth is when the depositor allows it. Court opinions have also ruled that bank records would not be admitted by the court as evidence, formal requests are needed to disclose information, and that depositors must receive notification if their information is used by nonemployees. Regarding financial privacy laws, the authors claim that the Right to Financial Privacy Act was in response to the supreme court United States v. Miller ruling. The act limited the government’s access to financial information. However, the act still allowed a lot of access as the government can access financial records if the depositor grants access, if the information is subpoenaed, if there is a search warrant for the information, and if there is a formal written request for the information. The act also allows any agency or department of the US government to request access. The authors also discuss the Electronic Funds Transfer Act requires that banks notify depositors of their policies regarding electronic transfer of funds and a model statement is provided by the act. The act also gives states the ability to enact better protection. A few other details are explained by the two authors. Banks are liable in the event that information is disclosed without consent through telephone and if they are also responsible for any damages resulting for unauthorized access to a depositor’s data. This article is very reliable as all the sources used are primary sources from the government. There is no bias as no specific position was taken and argued for. The intended audience is most likely lawyers, policy researchers, and privacy researchers. There was nothing in the article that changed my view on my topic, but this article will be extremely useful. The article provides great information regarding bank secrecy, the Financial Right to Privacy Act, and Electronic Funds Transfer Act.
4. Duke Law Journal. 1972. “The Fair Credit Reporting Act: Are Business Credit Reports Regulated?” Duke Law Journal 1971(6):1229-1251.
   • “The Fair Credit Reporting Act: Are Business Credit Reports Regulated?” by the Duke Law Journal gives a comprehensive overview of how the act works. The authors state that at its core, The Fair Credit Reporting Act (FRCA) attempts to regulate credit reporting agencies to promote fair and secure handling of consumer data. Each FRCA provision attempts to ensure consumer privacy or transparency. If a consumer is affected by the contents of their credit report, the report user must notify the consumer so that he or she can receive their file with a mandatory explanation of their file by the reporting agency. According to the authors, information can be contested. In the event of a mistake, the agency must investigate, and if proven wrong, they must remove the information. The FRCA states that obsolete information cannot be investigated and included in reports and information that is seven years or older must be deleted. In the case of bankruptcies, it would take 14 years before removal. Potential users must also have “legitimate business” in order to request a report. To promote FRCA compliance, enforcements have been put into place. The authors explain that acquiring a report under false pretenses or unauthorized access to a file would be considered a criminal offense. Reporting agencies and report users are also held liable in the event of noncompliance to the act. Under the FRCA, the affected consumer is entitled to reparations as a result of any damages. Also, the responsibility of enforcement is given to the FTC and eight other separate government agencies. This source is reliable as the author listed is the actual peer reviewed journal itself. The sources used were all primary sources from the government. There was no bias since no position or criticism was provided. The intended audience are policy researchers and privacy researchers. There was nothing in this article that changed my view. This source will be extremely useful to my article. It is the only source I have found so far that provides a detailed, comprehensive look into the FRCA. The article has a myriad of footnotes that refer back to specific sections of the act, and the authors have provided annotations for many of the act’s sections. It also clarifies a lot of wording in the actual act that would have been open to interpretation by readers.
5. Duncan, Laurie and Bruce K. Riordan. 1987. "Banking Disclosures, Financial Privacy, and the Public Interest." Annual Review of Banking Law 6(1):391-412.
   • “Banking Disclosures, Financial Privacy, and the Public Interest” by Laurie Duncan and Bruce K. Riordan analyzes doctrines of confidentiality and disclosure, categorization of bank information, and threats to the right to privacy of personal financial information. The authors begin the article with a section explaining the doctrines of confidentiality and disclosure. The doctrine of confidentiality is the idea that the financial system is built upon confidence from consumers. Without said confidence the system would crumble. However, confidence would be nonexistent without confidentiality between financial institution and consumer. The doctrine of disclosure is recognized as the public’s interest in the disclosure of information regarding financial institutions themselves. The next section in the article deals with the categorization of bank information. The article explains the categorization through the disclosure of financial information. Since it is necessary to provide financial information to the public, a proposal was set forth to create a system in which reports from financial institutions would be release annually, quarterly, and currently. The reports would only share information regarding the state of business, property, financial condition of the institution, and any concerning litigations that the bank is involved in. The authors then continue to explain categorization through non-disclosure of personal financial information. Banks require that clients disclose certain personal information in order to protect their interests as well as the client. In that scenario, the consumers would be disclosing to the bank. However, if the bank were to disclose the information shared with them, then they would violate legislation that ensures consumers’ right to privacy. In the final part of the article, Duncan and Riordan point out problems with the creation of categories as. When banks disclose financial information to promote confidence, they cannot include information categorized as personal. A problem is created in those situations because it is unclear what should be identified as financial information or personal information in the eyes of financial institutions. Another problem is that there are no regulations in place that enforce what should and should not be disclosed as bank information. There should be regulations implemented that effectively defines and categorizes certain information held by financial institutions. This source is reliable as the two authors provide no bias throughout the article. The sources used to write the article are either directly from the government or from other peer reviewed articles. The audience for this article is bankers, public policy researchers, and privacy researchers. This article did not provide any information or new perspective that changed my view on my topic. This source is also not that useful. It provides analysis on financial privacy, but it is all irrelevant to what I am trying to achieve with my Wikipedia page.
6. Garon, Lenore Cooper. 1972. “Protecting privacy in credit reporting [contends that the Fair credit reporting act makes insufficient provisions for the protection of individual privacy].” Stanford Law Review 24(1):550-567.
   • “Protecting privacy in credit reporting” by Lenore Cooper Garon explores the ways in which the Fair Credit Reporting Act (FRCA) succeeds and fails in maintaining financial privacy. Garon begins by defining the FRCA as an act enacted to regulate credit agencies and prevent harmful practices. According to Garon, there are two types of credit agencies. Credit bureaus create reports that are used by financial services providers to determine if a consumer is eligible for credit. Credit reporting bureaus create what is known as “investigative” reports that detail private information ranging from family and sexual preferences to high school attendance and political behavior. The investigate reports are for potential employers, landlords, etc. Garon claims that credit agencies affect privacy through the sharing of information as it creates societal and personal problems like discrimination and embarrassment. The FRCA attempts to regulate the dissemination of information through five rules. The first rule requires that credit reports and investigative reports are differentiated so there is no mixing of irrelevant information. The second rule states that reports are only available to those with “legitimate business needs.” The third rule states that the subject of the report must be notified of any request for their information. The fourth rule requires agencies to allow consumers access to their own files. The fifth rule enacts a time limit on the retention of information. Despite the FRCA’s efforts to promote privacy, Garon claims there are many holes in the Act. He explains that the act only limits the sharing of consumer information, but not the collection of it. The act is also written in very broad language which may lead to loopholes depending on interpretation. In the end, Garcon believes that while the act is a step in the right direction, there is still no meaningful change. This source is reliable as it was written by a lawyer who specializes in research. The article itself is also written using reliable sources and is part of a peer reviewed journal. It is unbiased as it only presents facts and is intended for policy makers and privacy researchers. The article did not change my view, but it did inform me on the differences in credit agencies and how they report information. This source will be very useful for my research as the article explores how credit regulation relates to privacy in detail.  
7. Green, Mary Catherine. 1989. “The Bank Secrecy Act and the Common Law: In Search of Financial Privacy.” 7(2):261-286.  
   • “The Bank Secrecy Act and the Common Law: In Search of Financial Privacy” by Mary Catherine Green examines the Bank Secrecy Act and its effects. The article begins by explaining the history of the Bank Secrecy Act. The act in response to people hiding income and to the practice of photocopying items used in criminal investigations. The act was then adopted and included three titles. Only the first two titles were discussed in the article. Title 1 required that financial institutions maintain records for six years. Title 2 which is also known as the Currency and Foreign Transactions Reporting Act requires institutions that are regulated by this act to file forms and maintain detailed records. In the next section, the authors discuss the constitutionality of the act. The act was subject to many litigations and as the Supreme court reviewed the law, fourth and fifth amendment challenges to the act were rejected. The article then reveals that the Right to Financial Privacy Act was passed to supplement the Bank Secrecy Act. The Right to Financial Privacy Act put forth exceptions dealing with records but still maintained the Bank Secrecy Act. The Bank Secrecy Act was later amended to strengthen punishment and promote enforcement. According to Green, The Crime Control Act of 1984, Anti-Drug Abuse Act of 1986, and Subtitle H-Money Laundering Control Act of 1986 amended the Bank Secrecy Act by allowing more power to combat financial crimes. The Right to Financial Privacy Act also underwent two amendments. The first amendment allowed the sharing of consumer information if the institution was suspicious of the consumer violating the Bank Secrecy Act. The second amendment allowed interagency transfer of financial information to the Office of the Attorney General. The final section of the article compares federal and state laws. Differences in the filing of records and reports as well as differences in the interpretation of constitutional right to privacy in financial records were found. This article is very reliable since it does not use any biased sources to support its work. There was no bias presented as there was no criticisms or position taken in the article. The intended audience for the source are lawyers, policy researchers, and privacy researchers. The article did not change my view, but it will be very useful for my page. The article was very comprehensive as it broke down the most important parts of the laws. It also gave me detail descriptions of the amendments and effects of each act. 
8. Hickerson, Kristina A.K. 2001. “CONSUMER PRIVACY PROTECTION: A CALL FOR REFORM IN AN ERA OF FINANCIAL SERVICES MODERNIZATION.” Administrative Law Review 53(2):781-801.
   • “Consumer Privacy Protection: A Call for Reform in an Era of Financial Services Modernization” by Kristina A.K. Hickerson analyzes consumer privacy reforms through the Gramm-Leach-Bliley Act (GLB) and the Health Insurance Portability and Accountability Act (HIPAA). Hickerson explains that the passing of GLB was in part a response to the repealing of the Glass-Stegall Act. As a result of the repeal, financial institutions that were once separated by law began merging which endangered the privacy of consumers. The intent of GLB was to simply protect consumer financial privacy. To ensure financial institutions were following the rules, financial agencies like the FDIC, FTC, etc., were given the responsibility of defining and enforcing the rules. The agencies implemented three rules based on GLB. The three rules forced financial institutions to inform consumers about the company’s privacy policy, the conditions in which their information can be shared, and about an opt-out option. Hickerson then goes on to examine why protecting financial privacy is so important. Hickerson also uses HIPAA as a model of privacy protection as she states that financial privacy regulations should follow the HIPAA’s opt-in rule. She explains that an opt-in rule instead of an opt-out would be more effect since consumers do not read the terms and conditions. Often times consumers are left unaware that an opt-out rule is even in place. If consumers feel comfortable with financial institutions sharing their information, then they should only have to opt-in. She concludes her article by saying that the ever-evolving financial system will only continue to expose more consumer information. The only way to combat privacy breaches is with more effective regulations. This article is reliable as all the sources used to write it came directly from the government. The article is also peer reviewed and published by the American Bar Association. There is not much bias aside from the fact that her argument for more regulation may lean slightly towards one political side. The intended audience is most likely researchers, lawyers, and consumers concerned with their financial privacy. This source changed how I view the opt-out rule within the Gramm-Leach-Bliley Act. There are great points on why consumers should be given the ability to opt into programs that share instead of having to manually opt out of such programs as a result of company policies automatically opting them in beforehand. The source will be very useful to my research. It not only provides more detailed information on GLB, but it also introduced to me how the HIPAA relates to financial privacy. 
9. Huber, Elizabeth A. and Elena A. Lovoy. 2004. “Update on State Consumer Financial Privacy Legislation and Regulation.” The Business Lawyer 59(3):1227-40.
   • “Update on State Consumer Financial Privacy Legislation and Regulation” by Elizabeth A. Huber and Elena A. Lovoy provides a brief review of financial privacy laws at the state level. Much of the article focuses on the California Privacy Act as it was at the time, a recent legislation. The authors begin by describing the California Privacy Act as stricter than the Gramm-Leach-Bliley Act, but with more sharing exceptions. California’s privacy act provides a better-defined definition of financial institutions. As a result, only institutions “significantly engaged in financial activities” are regulated under the act. The authors explain that instead of an opt-out rule, the California act has an opt-in rule that gives more power to consumers. However, those who entered contracts before the act was passed can have their information shared without consent if they do not manually opt out. Financial information is also required to stay within one entity as it cannot be shared with affiliates of the same system. There are exceptions to the rules in the act though. Institutions that share the same regulator are able to exchange information without consumer consent and information may be given out to comply with legal proceedings without notifying consumers. However, the act provides rules that fine financial institutions for noncompliance. The authors state that violations would result in a maximum penalty of $500,000 which could also be doubled in the event of identity theft. The authors also briefly discuss state financial privacy laws in Vermont and Illinois. Vermont privacy provisions of the Vermont Law includes three laws that require consent before sharing consumer data. Illinois also has privacy laws that come before federal law due to its strictness. The core concept of the law is that consumer have an opt-in option instead of an opt-out one. This source is reliable and unbiased as it is only presenting facts gathered from policy analysis without taking any critical position. The authors do not take a position and they do not provide any criticisms regarding the regulations. The intended audience are policymakers and lawyers who are researching developments in past regulations. Nothing in the article changed my view on the topic. Unfortunately, this source will not be very useful to me. Although the information provided did inform me of the existence of some state level financial privacy laws, all the state laws are extremely similar to the GLB act. Other than the fact that state level laws are stricter in their regulations, there is not much useful information that adds to my understanding of the topic.
10. Huizinga, James A. and Patrick K. O’Keefe. 2003.“Recent Developments Under the Fair Credit Reporting Act.” The Business Lawyer 58(3):1137-1148.
    • “Recent Developments Under the Fair Credit Reporting Act” by James A. Huizinga and Patrick K. O’Keefe provides an update on changes to the Fair Credit Reporting Act (FCRA). The article begins the authors state that the TRW Inc. v. Andrews case regarding statute of limitations of violations has led to congressional response. Amendments have been proposed to define the beginning of limitations as the moment the mistake is found and to extend the limitations in situations of identity theft. The authors go on to explain that an issue regarding the Tran Union practices with target marketing lists were considered to be in violation of FRCA. The matter was later resolved as a court ruling determined that the Trans Union could not sell their lists to marketers. The article then begins to discuss the application of the Gramm-Leach-Bliley Act (GLBA) to the credit agencies regulated by the FRCA. The court case, Trans Union LLC v. FTC, helped clarify that financial institutions defined by the GLBA included credit agencies. Later, Trans Union, a credit agency, argued that header information was not financial information. However, the court later ruled that the GLBA’s definition of financial information included any information needed to provide a financial product or service. Trans Union also argued against GLBA’s reuse limitation but failed as the court ruled that the argument was not “ripe.” The authors then discuss attorney fees as outlined by the FRCA. After multiple court cases, it was concluded that attorneys would receive an award if awards for any damages were given out. The article also explains what constitutes as a reason to access credit reports that were connected to a commercial transaction. It was concluded that in situations where credit was extended, access to reports were allowed. The article concludes as the authors discuss four developments regarding FCRA. The first development was that the definition of consumer report was edited and that obligations were implemented for consumers providing information to agencies. Second, the FTC began enforcing the FRCA more strictly. Third, legislation was proposed to require an insured depository institution that notifies consumers, so they can verify information about them. This article is reliable and unbiased as no criticism is provided and the sources used were from the government. The intended audience is for policy researchers. This article will not be of much use to me. Although it does provide information on some changes to the FRCA, the explanations are somehow both convoluted and vague. There is not much information that relates to financial privacy as well.
11. Jones, Sarah Elizabeth. 1988. “Right to Financial Privacy: Emerging Standards of Bank Compliance.” Banking Law Journal 105(1):37-51.
    • “Right to Financial Privacy: Emerging Standards of Bank Compliance” by Sarah Elizabeth Jones analyzes state and federal laws that deal with protecting consumers’ financial information. The article begins by examining Federal legislation like the Right to Financial Privacy Act of 1978 (RFPA). The RFPA requires that the government receive consent or delivers a legal notice to consumers before they can access the consumers’ financial information. The Bank Secrecy Act of 1970 (BSA) gave Treasury the ability to consolidate bank records so that the information could serve in legal proceedings. As a result of the act, financial institutions are required to maintain consumer records with an emphasis on international transactions. The RFPA and BSA were later amended to make criminal investigation and prosecutions easier. The article then focuses on two amendments specific to RFPA. Under the first new amendment, a financial institution can share information with the government if they believe that a regulation was violated. If the institution chooses to share information this way, they can only reveal the identifying information and they are also not held liable to sharing the information. The second amendment states that a court can force a financial institution to no notify a customer that of a subpoena issued for their information. The article then discusses the fact that the RFPA requires that reports be filed to congress but only find that 47 had been filed. The authors go on to explain that customers must be informed that they can challenge the government in situations where the government is actively trying to access financial information. Also, governments cannot transfer information between agencies without clarifying that the information in question is being used for law enforcement. If information is transferred, the subject of the information must be notified. The authors then conclude by discussing state level laws on financial privacy. According to the authors, nearly all 50 states have laws in place to protect financial privacy while four implemented laws similar to federal level legislation. This article is reliable as all the sources came from the government. There was also no bias since no criticisms were presented and no position was taken with regards to the subject. The intended audience are lawyers and privacy researchers. There was nothing in the article that changed my view. However, it will be very useful as it introduced the Bank Secrecy Act and gave me more insight into the Right to Financial Privacy Act.
12. Krist, Austin H. 2015. “Large-Scale Enforcement of The Fair Credit Reporting Act and the Role of State Attorneys General.” Columbia Law Review 115(8):2311-2348.
    • “Large-Scale Enforcement of the Fair Credit Reporting Act and the Role of State Attorneys General” by Austin H. Krist discusses the Fair Credit Reporting Act (FCRA), problems with large-scale enforcement of the act, and possible solutions to the problems. In the article’s first section, the Fair Credit Reporting Act is introduced as an act that promotes consumer protection by regulating accuracy of credit reports. Background information is given to illustrate that the use of credit exploded in popularity before the FCRA. Despite credit and credit reporting agencies’ importance to the American economy, regulation was basically nonexistent prior to the FCRA. The act gave consumers the ability to dispute any information they perceive to be incorrect on report and provided the option for consumers to initiate private litigation to resolve any credit reporting issues. It also put the government in a position to regulate the actions of reporting agencies. In the subsequent section, Krist brings attention to the importance of FCRA and the problems with enforcing it. According to the author, the purpose of the FCRA can only be fulfilled if there is large-scale enforcement. With large-scale enforcement, a balance between benefits and costs of accuracy to the economy can be achieved. Also, without large-scale enforcement, there is nothing to compel credit reporting agencies to comply with the act and change any questionable practices. Krist then goes on to identitfy three key problems with enforcing the act. First is that the language of the FRCA has led to confusing judicial interpretation. Without a clear understanding of the act, government agencies find it difficult to motivate compliance among reporting agencies. Second, is that while class action lawsuits have potential to be a powerful tool to enforce the act, judicial courts are unwilling to certify class actions as a way to purse damages under the FCRA. The courts maintain that the FCRA focuses on the individual and that class actions lawsuits should not be a valid way to seek statutory damages. Third, is that while government agencies have failed to enforce the act, state attorney generals have also failed to back up federal law and act on any violations. With the third and final part of the article, Krist offers a solution. The author believes that better enforcement of the FCRA can be achieved is state attorney generals enforce the rules through the unfair, deceptive, or abusive practices (UDAAP) provisions outlined under the consumer financial protection act (CFPA). Under the CFPA, state attorney generals will have a more defined role in which they can effectively regulate credit reporting agencies. This source is reliable as the author was unbiased throughout the article. He also used government sources to verify all his statements. The intended audience of this article are only policy makers. There was nothing in this article I found that changed my view. However, this article is helpful. It adds some more information regarding the FCRA and some criticisms that I could include in my criticism subsection.
13. Kirschner, Nancy M. 1979. “The Right to financial privacy act of 1978--the congressional response to United States v. Miller: a procedural right to challenge government.” University of Michigan Journal of Law Reform 13(1):10-52.
    • “The Right to Financial Privacy Act of 1978 – The Congressional Response to United States v. Miller: A Procedural Right to Challenge Government” by Nancy M. Kirschner reviews the Supreme Court decision regarding United States v. Miller and the government’s response. In the first part of her work, Kirschner examines financial privacy prior to the court’s decision. According to the author, before the United States v. Miller case, American citizens simply assumed confidentiality when dealing with financial institutions. However, a “banker-customer privilege” was never legally outlined which meant that the government can access financial information without ever notifying consumers. Kirschner then goes on to explain that in 1970, the Bank Secrecy Act was passed to give treasury the ability to regulate types of records and criminal evidence held by banks. The government’s right of access to financial records was also later questioned by the California Bankers Association v. Schultz, the United States v. Miller, and the Burrows v. Superior court cases. In the article’s second part, Kirschner discusses the congressional response to the United States v. Miller case. Around the time of the Miller case, financial privacy regulations were already being considered. However, with the Miller Supreme Court case decision, the Privacy Protection Study Commission (PPSC) understood that quick action must be made to protect consumer information. After investigations and studies were performed, the PPSC submitted recommendations that would eventually lead to the Right to Financial Privacy Act (RFPA). The RFPA was a comprehensive act that limited the government’s ability to access consumer financial information. It provided an outline that had to be followed in the event that the government found it necessary to access information held by financial institutions. The act empowered consumers by giving them options to challenge any request to access their information. It also detailed the duties that financial institutions were obligated to, and how to use as well as transfer any information. The RFPA also set requirements for reporting and guidelines in case of violations. This source is very reliable as it contains not bias and all the information used to create the article came from government sources. The intended audience is likely for policy researchers, privacy researchers, and lawyers. This article changed my view on how comprehensive the Right to Financial Privacy Act is. Before reading this article, I believed there were no public criticisms of the act, but it turns out I was incorrect. This article will be extremely useful for when I write my Wikipedia page. It provides some information to court cases that affected financial privacy. It also gives a detailed breakdown of the act’s provisions and any exceptions it contains. It also lists out criticisms that I can use for a criticism subsection.
14. Lacker, Jeffrey M. 2002. “The economics of financial privacy: To opt out or opt in?” Economic Quarterly - Federal Reserve Bank of Richmond 88(3):1-16.
    • “The economics of financial privacy: To opt out or opt in?” by Jeffrey Lacker examines the economics of the opt-out or opt-in requirement of the Gramm-Leach-Bliley Act of 1999 to determine the policy’s effectiveness. Under the opt-out or opt-in law, financial institutions like banks would need to receive customer consent before sharing their information. Lacker points out that the law is ineffective due to the state of the privacy marketplace. In an ideal market, banks would pay consumers to opt in because the information allows the banks to maximize profits through personalized products to consumers. On the other hand, consumers would be willing to pay banks for better financial privacy policies in order to secure their information. In reality, the market is far from ideal as there is no monetary exchange. It turns out that sharing financial information is not profitable enough to motivate banks to pay customers for their consent. Also, customers do not seem to care about their financial privacy as evidenced by an estimated 5% response rate to opt-out, opt-in notifications. Without a profitable market or concerned consumers, the opt-out or opt-in law becomes ineffective. Lacker concludes that although the law is important in protecting financial privacy, its effectiveness is overstated. This source is incredibly useful as it provides analysis on an important law that is part of the larger Gramm-Leach-Bliley Act which helps define financial privacy. The content is extremely reliable and unbiased as it was actually written by the President of the Federal Reserve Bank of Richmond. There is no opinion provided since the analysis is performed by examining economic trends. The content was easy to read despite targeting researchers who are analyzing financial privacy law and economic trends. This article will play a crucial role in helping me write my article as its careful examination of the opt-out or opt-in requirement will allow me to break down and analyze the Gramm-Leach-Bliley Act. It also changed my view on privacy laws. It seems that although many laws are passed to promote privacy, some are not effective enough due to forces, like economics ones, that the government cannot control.
15. McCorkell, Peter L and Andrew M. Smith. 2009. “Fair Credit Reporting Act Update-2008.” The Business Lawyer 64(2):579-592.
    • “Fair Credit Reporting Act Update-2008” by Peter L. McCorkell and Andrew M. Smith is an article from peer-reviewed journal that examines the Fair Credit Reporting Act (FCRA). The article is unofficially broken down into three parts. The first part summarizes the most important rules in FRCA as the authors discuss a recent provision to FCRA that prevents companies from directly marketing to customers using third party data unless customers are notified. They examine the Red Flag Rule which requires the implementation of programs that look for identity theft risks. There is also the Change of Address Rule that require government financial agencies to verify change of addresses. The Credit and Debit Card Receipt Clarification Act of 2007 is also explained as a rule that protects consumer privacy by shortening account numbers on receipts to only five digits. The second part focuses on proposed amendments to the act such as the Proposed Risk-Based Pricing Rule. The rule is as a requirement for credit guarantors to provide “risk-based pricing notices” to consumers. However, through the Credit Score Disclosure Exception, guarantors can avoid notifying consumers if they can provide credit scores to consumers with an explanation of their scoring, and their score position relative to the national distribution. There are also proposed rules regarding furnishers of information to promote “accuracy and integrity.”  The third and final part of the articles reflect on two litigations against the FCRA which were recent resolved in favor of the FRCA. Overall, the source was useful. The information was highly reliable as the content was written by business lawyers using primary sources from the government. It was also unbiased since the author’s goals were simply to present a summary regarding changes in the FRCA. The source was easy to read as its target audience were lawyers, and policy analysts. The content will be very useful for when I begin discussing the Fair Credit Reporting Act in my article. Since the authors provided very direct and informative summaries I will have background information prepared for when I perform my future analysis. The article also expanded my view on what parts of finance that financial privacy laws influence.
16. Rogovin, Michael. 1986. “Privacy of Financial Records.” Annual Survey of American Law 1986(3): 587-608.
    • “Privacy of Financial Records” by Michael Rogovin looks at the various federal and state level court cases that affects the privacy of financial records as well as legislation that protects the privacy of consumer information held by financial institutions. In the first section, Rogovin examines federal law and court cases related to any respective laws. He begins by discussing the Bank Secrecy Act passed in 1970 which set requirements for financial records and the California Bankers Association v. Schultz which confirmed the constitutionality of the act. United States v. Miller was brought up as it challenged government’s access to financial information and contributed to the creation of the Right to Financial Privacy Act. Cases like Burrows v. Superior Court, Ling v. Department of Justice, Hunt v. SEC, Pennington v. Donovan, and United States v. Frazen also set precedents that changed financial privacy legislation. In the subsequent section of the article, Rogovin deals with state cases as he claims that state courts have “recognized a right to financial privacy records based on the common law theory of implied contract.” In Tournier v. National Provincial & Union Bank of England, the court, recognized financial privacy of consumer records in a contract. The case’s decision favored the customer and upheld the person’s financial privacy. Other cases like Brex v. Smith, Peterson v. Idaho First National Bank, and Suburban Trust Co. v. Waller, among many other also set precedents in financial privacy at that state level. In the third and final part of the article, Rogovin looks into state statutes. Rogovin claims that states have implemented laws to help prevent financial institutions from openly distributing their customers’ financial information. A majority of states do not allow the sharing of information without consumer consent. Some states allow banks to notify law enforcement if they have reason to believe the law is being violated. There are also laws to limit the use of information in the event that records are shared. In most states, financial institutions are required to notify their customer if a request had been made for their information. Act passed by states also have punishment measures in place to fine institutions for noncompliance. This source is reliable. Only facts are provided so no bias is ever introduced, and government sources were used to put the information together. The article was intended for law researchers, or lawyers in general. There was also nothing in this article that change my view on my topic. This article is somewhat useful. It does provide some background to some financial privacy laws that I already did prior research on. However, the information may not be relevant enough to include in my article. The section regarding state laws may become useful, but the descriptions are very vague.
17. Smith, M. Elizabeth. 1980. “The Public’s Need for Disclosure v. The Individual’s Right to Financial Privacy: An Introduction to the Financial Right to Privacy Act of 1978.” Administrative Law Review 32(3):511-535.
    • “The Public’s Need for Disclosure v. The Individual’s Right to Financial Privacy: An Introduction to the Financial Right to Privacy Act of 1978 (RFPA)” by Elizabeth M. Smith introduces the Financial Right to Privacy Act of 1978. In the first part, the author introduces the act as a title under the Financial Institutions Regulatory and Interest Rate Control Act of 1978. It upheld the Bank Secrecy Act of 1970 and was passed as a result of the United States v. Miller Supreme Court decision. In the part two of the article, Smith looks into the federal statutes that protected consumers’ financial information before the advent of the RFPA. In 1974, the Privacy Act was passed to prevent information from being transferred between government agencies. The Freedom of Information Act, which was passed in 1967, was a blow to privacy, as it made government records available to the government if they should ever need it. The author then goes on to discuss various Supreme Court cases and lower court cases that upheld or altered financial privacy legislation. With the third part of the article, Smith examines the requirements of the Financial Privacy Act. She goes on to explain that the act prevents financial institutions from sharing information with out the customer’s permission. However, there are exceptions to the rule. The government can gain access if there is a subpoena, search warrant, or formal response issued for the information. Notifications for a customer can be delayed if a person’s safety is threatened, if a person is attempting to avoid prosecution, if evidence has been altered, if a witness has been tampered with, or if there is a situation in which an investigation or legal proceeding is in jeopardy. In the fourth and final part of the article, Smith raises question about the implementation of the FRPA. She believes that there are two major problems when it comes to ensuring that financial institutions comply. The first is that the act has no defined scope so there is uncertainty when it comes to how powerful the act is. Second, there is no clarification in the act that addresses whether or not federal agencies can interact when dealing with financial records. This source is reliable as the author does not introduce any bias in the article and all the sources used are directly from the government. The intended audience are policy researchers, privacy researchers, and lawyers. While there was nothing in that article that changed my view on my topic, the article will still prove to be useful. It provides a bit more criticism that I can add to my criticism subsection, and it also provides some new exceptions that I can include.
18. Soloway, Jay and Patricia Covington. 2007. “Data Privacy and Security: Recent Developments Affecting Consumer Finance.” The Business Lawyer 62(2):631-50.
    • “Data Privacy and Security: Recent Developments Affecting Consumer Finance” by Jay Soloway and Patricia Covington analyzes the rules and regulations that have brought about recent change to consumer data privacy. The article is divided into multiple sections that each discuss a separate policy or law. The Privacy Polices section examines a report that states that the short financial privacy notifications sent out to consumers cannot possibly include all the necessary information required and be easily understood. In the State Security Breach Notice Laws section, California was found to be the only state that to have a data breach notice law in early 2005. In the coming months and years, more state will likely implement similar laws. In the Federal Data Breach Legislation section, congress is motivated to enact legislation that requires notifications to be sent out in the event of a data breach. The State Laws on Security Freezes part claims about 25 states, at the time the authors wrote the article, had signed data breach notification laws with improved security measures and credit freeze laws. In State Laws on Social Security Numbers, the authors state that despite the fact that multiple pieces of legislation have been considered in Congress, there is still yet to be a federal law that regulates the private sector’s use of social security numbers. The FTC Enforcement Actions section explains that the Federal Trade Commission created the Division of Privacy and Identity Protection to combat threats to consumer information. According to the section, the FTC also began six other enforcement actions. With The Role of Authentication, the authors detail proposed legislation that promote the disclosure of personal information to prevent account fraud, identity theft, and other similar crimes. In the Affiliate Marketing section, the authors explain that the FACT Act amended the Fair Credit Reporting Act by adding a section that states that parties that receive consumer reports may not use the information for market except in cases where they are explicitly given permission to do so or if the subject of the report is given an option to prevent the marketing of their information. The California SB1: Affiliate Sharing part of the article states that California passed the California Information privacy Act which provides greater limitations to the dissemination of information than the federal level Gramm-Leach-Bliley Act. The finial section discusses the FACT Act Medical Privacy Rule, as it amended the Fair Credit Reporting Act and added limitations on creditors ability to access medical records. There is no bias found throughout the article and all the sources used to write the article were from government documents, so this article is reliable. The intended audience are privacy researchers and lawyers. There was nothing in this article that has changed my view on my topic. This source will not be of much use. There is only minimal information that relates to financial privacy while all the other information provided deals with other subtopics in privacy.
19. Solove, Daniel J. and Woodrow Hartzog. 2014. “THE FTC AND THE NEW COMMON LAW OF PRIVACY.” Columbia Law Review 114(3):583-676.
    • “The FTC and the New Common Law of Privacy” by Daniel J. Solove and Woodrow Hartzog is a large 95-page article that details the Federal Trade Commission’s (FTC) role in enforcing privacy policies. The article is divided into four main section sections which are then divided into more subsections. The first section details how the FTC became a privacy regulator. As privacy became a more relevant topic, privacy policies became more common. Much of the responsibility of regulating the policies fell onto the FTC at the beginning. As privacy’s importance grew, so did the FTC power over privacy regulations. Since it was never clearly stated, the FTC became the de facto authority in privacy regulations and data protection. With the second section, the authors review settlements made by the FTC. They break down the actions that the FTC takes which result in settlements regarding prohibitions of wrongful activities, fines and other monetary penalties, consumer notification and remediation, deleting data or refraining from using it, making changes in privacy policies, establishing comprehensive programs, assessments by independent professionals, recordkeeping and compliance reports, and notification of material changes affecting compliance. The settlement the FTC makes create a precedent that eventually becomes “de facto common law.” In the subsequent section, Solove and Hartzog analyze the “jurisprudence of the new common law of privacy.” The authors deception in the form of broken promises, general deception, insufficient notice, and data security. They then touch upon unfairness in the form of retroactive changes, deceitful data collection, improper use of data, unfair design and default settings, and unfair data security practices. Statues like the Fair Credit Reporting Act (FCRA), Children’s Online Privacy Protection Act (COPPA), and Gramm-Leach-Bliley Act (GLBA) as well as the safe harbor law are discussed. The final section of content within the third section deals with developmental patterns. The authors look into the evolution from general to specific standards, incorporation of qualitative judgements, establishing baseline standards, and recognizing indirect liability. With the fourth and final section, Solove and Hartzog discuss possible ways for the FTC to implement more complete privacy regulations. They discuss looking beyond privacy policies and developing substantive rules they can follow. This article is very reliable as its only goal is to use facts to provide insight into the FTC’s relationship with privacy and regulations, so there is no bias found throughout the article. The sources cited in the article are also all reliable as they come from government documents. The intended audience are likely for policymakers, policy researchers, and privacy researchers. The articles comprehensive overview on the FTC change the way I viewed the FTC’s relationship with financial privacy laws. I always believed that the FTC was just the federal agency that does light work to ensure regulations are followed. However, this article showed me that the Federal Trade Commission has a lot of influence consumers, financial institutions, and financial privacy laws overall. This article will be very helpful. The information provided could help me create an entire section for regulatory agencies.
20. Vanderwoude, Neil. 2009. “The Fair Credit Reporting Act: Fair for Consumers, Fair for Credit Reporting Agencies.” SouthwesternLaw Review 39(2):395-412.
    • “The Fair Credit Reporting Act: Fair for Consumers, Fair for Credit Reporting Agencies” by Neil Vanderwoude discusses how the Fair Credit Reporting Act (FCRA) affects consumers. The article begins with a section that gives background to the FRCA as it is explained that the act was passed in 1970 and amended in 1996 as well as 2006. The purpose of the act was to promote fairness and accuracy in consumer credit reporting. Vanderwoude continues onto the next section by discussing the problems with the act. It is pointed out that the language is vague as phrases important to the interpretation of the act like “technically accurate” are not well defined. The idea of accuracy is also not clear as the act does not specify if accurate means credit reports must be correct or complete. There have also been problems in which conflicts have arisen due to the way in which the FCRA is worded as evidenced by Cahlin v. General Motors Acceptance Corp. According to the act Cahlin was found to be wronged but the CBI, the credit bureau working with General Motors, was found to have no wrongdoing. With the final part, Vanderwoude attempts to propose solutions to the problems the FRCA faces. For the author, the most obvious solution is to simply clarify the act. Vanderwoude also claims that changing section 168li would make lives easier for the plaintiffs and the defendants as both sides could avoid costly litigation and liability. The author also argues for holding merchants responsible and for better guidelines as well as procedures so that consumers are not misled. This article is reliable as the information provided by the author was gathered from credible sources. There is slight bias present as a majority of the article serves as criticism against perceived problems in the Fair Credit Reporting Act. However, the bias is a result of analysis of factual conclusions. The intended audience for the article are policy analysts. Nothing in the article changed my view, but this source will be extremely useful. The article provides many points of criticism which would fit perfectly in the criticism subsection of the FCRA.

In our interconnected world, data and information are one of the most personal and important things. Whether we like it or not, our lives are intertwined with the finance industry which means we give multinational corporations an unprecedented amount of access into our lives. As we live our lives we give out so much information to financial institutions that we lose control of our data. To protect us from the sometimes questionable actions of financial institutions and give us back control, governments have passed laws. I believe that everyone should not only know those laws, but also understand the rights that the laws allow them so that they can keep their financial information private. I am creating this page to help educate others and myself in the ways that the government can help maintain our financial privacy, and how we can protect ourselves from those who want to invade our privacy.

The content of the article was decent overall. The biggest problem with the article is the way the content it is formatted. The introduction included a bullet list of data privacy issues that seemed very out of place. An entire section could have been created to house the issues. Each specific issue could have had its own subsection and descriptive content. Another issue with the content is that the information provided seems a bit dated. Subsections like cable television, internet, and financial are missing a lot of information relevant to our modern discussion on privacy. The legality section is also a problem because it is simply an entire section for one sentence. Law is a very prevalent topic in privacy today, so I believe that the section deserves much more attention.

The tone of the article is very neutral. The authors are not biased towards any position. The material is simply presented to the readers without any opinions of personal reflection. However, many of the topics explored in the article are underrepresented. Privacy is such an important issue right now that I believe every section and subsection needs to be updated for more current information.

The sources cited in the articles are all reliable. There is no bias in the articles used and each source is independent from the overall topic. The information provided are all supported by the sources.

The content provided in the article is not of great quality. Other than the software versus hardware section, many of the other sections simply lack information. Many of the many topics are explored with short and vaguely informative paragraphs. Data security has evolved by leaps and bounds in recent history, so many of the sections should include more information that reflect those changes. There is also a problem with grammar in the article and the fact that some of the information seem irrelevant. For example, in the international law subsection, the authors talk about data privacy day in Europe which is unrelated to actual international law in Europe. The international standards is also another example of irrelevant information as the authors list organizations related to data privacy instead of providing actual information on the countless international standards.

The tone throughout the article is neutral. Although some information seems out of place, the authors do not exhibit any evidence of bias. Many of the topics that are analyzed in the article are underrepresented. Nearly each section and subsection of the article deserves more information from more sources.

Not all the sources cited in the articles are reliable. There are some articles that are scholarly work while other are just articles from average websites. There is no bias in the articles but some of the articles have questionable reliability. The sources do work and the content in the article is supported by the sources. However, the article is in much need of newer and more sources.

Overall, I like the format and content of your article! However, be sure to be consistent in both your content and format. I like the description and criticism format that you did for a couple of the laws, so I would recommend doing this format with all of the laws. Moreover, you have more criticism for one of your laws than the other; is this purposeful, as in is the law less criticized? Or is there just less online about it? Also, if you are going to hyperlink all of the laws in the lead section, you should hyperlink all of the laws. Consistency is important for the reader’s continuity and understanding in reviewing your article. I also think you should have an implications section for the user to spell out the facts about why they should care and take the time to criticize these laws. So far, the Gramm-Leach-Bliley Act is definitely your strongest section, so I would model your other sections like that one. In the second law that you describe, the criticism section is vague, so explaining that would add strength to that section and the article overall. Also, adding a criticism for the last law would be helpful for your article as well.

Nice first draft; I look forward to seeing the evolution of this article as more sources are brought into the equation and the article has more continuity and consistency.

• I thought your lead section did a great job or touching on all the aspects of the article you plan to talk about. I think you could even expand on some of the information in your lead. For example, since you have a large section on the Gramm-Lech-Bliley Act, I would suggest giving the reader a 1-2 sentence explanation of this act, so they know what to expect in the main article.
• Overall, the information presented in your article is written in a very clear and informative manner. This is a consistent neutral tone throughout the whole article, which is great. I also thought the structure of your article was easy to follow. I think you could improve your article by expanding on some of the sections, such as the California Privacy Act section, so it provides the same amount of information as this section.
• Additionally, a small format change you could make in your Gram-Leach section is making a bullet-point list of the three rules in the act. This can make the information easier to comprehend for the reader.

Overall, great content and organization. I think some of the information could be worded in a more fluid way for the reader to understand coherent points. The lead section does a good job of outlining all of the major laws and acts you will be discussing, however, it could maybe use a bit more information/background to give the reader a really clear overview of what the rest of the article pertains. Also, having an overall section for federal versus state laws could clean up the format a bit. Looks like a good progression, just needs a bit more information in some of the sections.

Overall, your article is super easy to understand and does a great job conveying the information. Importantly, you start your article off with a succinct yet solid definition of financial privacy laws, which guides the reader through the rest of your article. My main critique would just be regarding your verb tense. It seems as though there are some switches between tenses within sections, which poses some potential confusion. For example, when talking about the Financial Privacy act, you state that the act "allowed" which makes it seem as though the act is no longer in place. Additionally, in Electronic Funds Transfer Act, you tend to use "would", but I think it would be more clear if you reworded it in a way like "banks have to notify", etc. All in all, great job though! You have a lot of valuable content.

You clearly already have a great article here!

A few stylistic suggestions: I believe the Wikipedia policy on titles is to capitalize only the first letter of the title unless there are proper nouns, so I'd make the P in Privacy and the L in Laws lowercase. Also, I think you're supposed to put the title phrase in bold within the lead section, so you could bold "Financial Privacy Laws" the first time you say it. For court cases, I think the titles are supposed to be in italics. I only saw one when reading your article and italicized it, but I just thought to mention that in case you add more. Finally, I feel like you should be consistent in whether or not you put periods after the bulleted sentences and only hyperlink phrases the first time you mention them.

Lead section: You're very concise, which I think makes it nice and easy to read, but I think it also looks a bit short, so you could consider beefing it up a little bit now that you've written most of the article and know its contents. I also don't see any citations there, so you could maybe just add a couple.

Federal laws: I'm a little confused by the sentence "The Right to Financial Privacy Act included many exceptions to primary expedite federal investigations." I think you could rephrase along the lines of "The Right to Financial Privacy Act included many exceptions for the government to access financial records without notification in order to expedite federal investigations." Also for that sentence I think you can take out the hyperlink since you have already included it once before. For the criticism of the Right to Financial Privacy Act, I think you could expand on what you have now to show why it's a criticism and not just a statement. This is something I need to work on as well, but I'd consider your placement of laws and maybe organize them in either chronological order or by how much content you have for each. I really like the organization of the Gramm-Leach-Bliley Act and how you use numbers to clarify what it lays out. I know this is probably still under citation 7, but I'd add a citation after the "The privacy policies required by the act are also unhelpful, as many of the policies written by financial institutions are intentionally complex to prevent customer comprehension." sentence because it seems particularly biased, and you might want to ensure readers know it's not your own opinion. I can't quite tell the intent, but I think you might want to replace the "and" with "or" in this sentence: "According to the FCRA, obsolete information may not be investigated and included on reports." With the sentence: In the context of the act, "accuracy" can be interpreted as a credit report that is either correct or incomplete, I think that you could reword it to say "In the context of the act, "accuracy" is called into question when there are credit reports with either incorrect or incomplete information" if I'm getting the meaning correctly.

State laws: Before the last paragraph of the California privacy act, I think you could put a "Criticisms" subheading. Also, are California and Vermont the only states with any substantial financial privacy laws? It seems a little random, but that may just be the reality of the situation. You may want to consider putting bullets under the first article of the Vermont law because the rest of the articles do have the bullets and it looks slightly inconsistent.

Overall, I think your article is very interesting and has a very encyclopedic tone. You also include plenty of citations and hyperlinks, which makes it look more like a real Wikipedia article and helps assure the reader that all information is reliable when discussing the downsides of some laws. I think you've done a really good job with the structure, especially when you decide to use bullets. It seems like you decided to use them sparingly and only with the most complex concepts or when there were a certain number of exceptions to articulate, which I think made it a lot easier to understand. Solid work!

P.S. Sorry for my how long the body section of my review is, but I thought it was better to give examples for how to rephrase certain sentences instead of just suggesting you rethink them. If you have questions about what I meant about anything definitely let me know!

I really like the lead section, it shows practically no bias and the several hyperlinks make it out to seem more credible.

For the RFPA section, I noticed that the paragraph you start with describing the act, but then defines two terms, financial institutions and then financial records, but then goes back to describe the act. I think this flow might seem a little out of place because I got confused when reading it the first time so I had to go back a couple times. I think if you have what the act does, so have the "The act was put place.. financial records" followed by "The act required that the U.S. government...financial information" and then possible have definitions after it wouldn't seem like the definitions are just squat in the middle of the explanation of the act. Also are the exceptions the two sentences right after it (in the next paragraph). Maybe something like "The RFPA included many exceptions to expedite federal investigations including federal agencies can access any...*citation* and the act also gives any government...*citation*" I think it would make it more clear on what the exceptions are. Just a suggestion though because I know there are different citations used for these exceptions. Combine these sentences because words are repeated in both "A consumer can give permission to the government through written approval, which allows the government access for a maximum of three months."

For the Gramm-Leach-Bliley Act, I'm not sure if this is just a technical thing but since you already have the first instance of Glass-Steagall Act hyperlinked so the second is unnecessary? And the following sentence, you can just reference "To promote consumer privacy, the GLBA included..." because I thought you were introducing another act into the page, but it's the same two, the extra hyperlinks confused me. Also for the financial product, having to notify only one party is there a way that party is chosen, is it the financial institutions preference, who gets to choose? Also the last sentence, how would the investigation regarding public safety, how would it know that certain information was being used in an investigation? Do they get notified and then they know they have the right not to tell their clients? Maybe include a small sentence about the Red Flag Rule, and how it is related to the FCRA or like immediate impact it has on it.

FCRA: This sentence is repetitive because promote compliance and enforce rules are the same thing: "To promote compliance, the FCRA includes multiple measures to enforce its rules." you could write "The FCRA includes multiple measures to promote compliance." For the criticism maybe an additional sentence of how it's been misinterpreted to provide contrast?

FACTA: I see how you had a small part about Red Flags Rule but I think it might be helpful to have that earlier since it was mentioned earlier already.

FDCPA: Repetitive sentences: "Under the FDCPA, collectors are not allowed to publish a consumer's name and address on a bad debt list." and "They are not allowed to reveal any information regarding the debt to unaffiliated third parties except the consumers' partner, attorney.". Try: "Under the FDCPA, collectors are not allowed to publish a consumer's name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumers' partner, attorney." If this isn't repetitive and the name and address and information are two separate things, disregard this.

CPA: This is just a nitpicky thing but you don't have to re-write the entire act out multiple times because it confuses me that you might be introducing multiple different acts but it's really just the same one. The California Privacy Act provides narrower definitions of some language found in the GLBA. But because there is not shortened version of the name I think this might also be the proper way to approach this.

SBCCA: How come gas stations are the only exceptions to this act? What is the reason that companies can have exceptions to this act, besides prevention of fraud? Because can't technically all companies claim they are preventing fraud so they would have the ability to collect consumer information?

Overall, your essay is really really nicely developed! You have plenty of sources and each act is thoroughly described as well as having criticisms after which the structure is very fluid and mirrored. I think sometimes your wording gets a little tied together or sometimes I think just having the act names so many times, if I don't read correctly I get confused on to what's being referenced. I fixed a couple grammatical things but this paper doesn't not seem to hold any bias, just facts that sometimes need a little more clarification. Overall, great work! It looks really good and I think the most outstanding part is that it sound really professional which is good.

Overall, I thought your article was really well developed and very interesting to read. Because, I made most of my specific comments through the Google Doc I shared with you, I will just state some general comments I have about your article. I thought you had a very challenging task, because financial privacy laws are so nuanced and contain a lot of dense information. I thought your article did a good job of providing readers with a really thorough and clear explanation of all the laws that you mentioned, so great work! I also thought you did a great job of explaining the information in a non-biased manner. Your overall tone was very informative which was create. You also discuss the criticisms of the laws to show both sides of the information.

I thought your lead section did a great job of introducing your topic in a clear manner. It touched on all the major sections of your article and let the reader know what you would be discussing.

I thought the overall structure of the article was great. I liked how you listed out things, because it made those parts of the article more readable. In the “Regulation B-2018-01: Privacy of Consumer Financial and Health Information” section I was a little confused by your structure, but I made a note of it in the Google doc. Also, some laws in your Federal Laws section have a lot less information than others (like the Bank Secrecy Act), but I think the overall article is still well-balanced.

Your provide a lot of well-written interesting information, and I really enjoyed reading your article! Great work.

Simhhyena brought up great points about consistency. I should be including a criticism section for each law since I already had one for my first two laws. I agree that I should be hyperlinking as much as possible throughout the article to maintain consistency and formatting. I am also still compiling sources and piecing together information from multiple articles, so each section is still lacking in information. I will definitely be adding more to the criticism sections for each of the laws and updating the sections on state laws, and the Fair Credit Reporting Act. I'll also look into structuring the other sections after my Gramm-Leach-Bliley Act section.

Midwestmich99 provided great advice on my formatting for certain sections. I should clear up my Gramm-Leach-Bliley section because a lot of the ideas seem jumbled together. Separating certain ideas would probably allow better flow when reading. I also feel that Midwestmich99's advice that I should convert some of the information in my Gramm-Leach section into bullet points is a good idea. I also agree that I need to expand on each section, especially the California Privacy Act section. More information will be added as I find more sources.

Breadyornot brings up a good point about the wording of my article. After rereading my article a couple of times, I have realized that there are some sections in which the wording it too convoluted for readers to understand. It creates a problem with flow if readers decide to read through the entire article all at once. Since I added new information into the body of the article, I should also add some more brief information about the new laws in the lead section to give readers a clearer outline. I will also be putting non state-level laws into a federal laws main section so my article will have better organization.

Funfettiqueen's only criticisms are that I switched tenses a lot throughout my article which may create potential confusion, and that I use the word "would" a lot. I just have to go through my article and make sure the tense is consistent throughout. I also should edit out some "would"s, as there are better and more eloquent ways for me to word things. I can probably avoid a lot of potential confusion among readers if I make these two changes.

Tommytheprius' peer review was very helpful and thorough. Stylistically, I should definitely change the style on my titles so that they are all in accordance to Wikipedia's policy. I should also stay consistent with my bullet points and decide whether to have periods after each point of not. For my lead section, I should add more information since my article has expanded in sections since my last draft. There are also still some wording issues in my body sections. I need to fix the ones that Tommytheprius pointed out as well as go through everything again to check for more errors. I also need to find more criticisms for my section on the Right to Financial Privacy Act since it literally is one section and also italicize the court case I have under the same section. Finally, I need to expand my search into more state laws since I only have two states right now.

Rainbowdolph's biggest criticisms about my latest draft are wording and formatting. I often get unnecessarily wordy when I write off the top of my head which leads to a lot of redundant sentences throughout my article. I need to go through every part of my article in my next draft and try to get rid of any repeating information. Rainbowdolph also points out that my wording gets convoluted at some points which messes with the flow of my content, so I should go back and reword complex ideas. I was also excessively adding hyperlinks at the beginning of my first draft. It was only pointed out to me now that the amount of hyperlinks can become distracting so I should take out a lot of the repeating ones. I also need to move up or reword one of the sections that has a related provision with another law so that readers aren't confused. Finally, I need to do a bit more research this week to find more sources that would clarify some of the information I pulled from the privacy books. Some parts of the article, especially the state laws section, has some underdeveloped and vague points.

Midwestmich99's only criticisms were formatting of my Vermont section and some of the wording throughout my article. My Vermont section is very bullet heavy so I will look into combining certain key points while keeping everything as clear as possible still. There are also still a lot of weird wording throughout my article, despite going through my article last week and trying to clean it up for anything too convoluted. I will be going through everything with more detail to make sure everything is clear and easy to read so there are not breaks in flow in my article.

Financial privacy laws regulate the manner in which financial institutions handle the nonpublic financial information of consumers. In the United States, financial privacy is regulated through laws enacted at the federal and state level. Federal regulations are primarily represented by the Bank Secrecy Act, Right to Financial Privacy Act, the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act. Provisions within other laws like the Credit and Debit Card Receipt Clarification Act of 2007 as well as the Electronic Funds Transfer Act also contribute to financial privacy in the United States. State regulations vary from state to state. While each state approaches financial privacy differently, they mostly draw from federal laws and provide more stringent outlines and definitions. Government agencies like the Consumer Financial Protection Bureau and the Federal Trade Commission provide enforcement for financial privacy regulations.

The Right to Financial Privacy Act of 1978 (RFPA) was passed in 1978 primarily as a response to the Supreme Court ruling on United States v. Miller 1976 and to supplement the Bank Secrecy Act.^[1][2] The act was put in place to limit the government's ability to freely access nonpublic financial records.^[1] The RFPA defines financial institutions as any institution that engages in activities regarding banking, credit cards, and consumer finance. It also defines financial records as any documentation of a consumer's relationship with a financial institution.^[3] The act required that the U.S. government deliver a legal notice to a customer or receive consent from a customer before they can legally access their financial information.^[4] Customers must also be informed that they have the ability to challenge the government when the government is actively trying to access their financial information. In the event that the government successfully gains access to a customer's information, the government is not allowed to transfer the information between government agencies without clarifying that the information in question is being used in the name of law enforcement. The customer must be notified immediately if conditions are met and their information is going to be transferred between agencies.^[4]

The Right to Financial Privacy Act included many exceptions to expedite federal investigations. Federal agencies can access any financial records if the records in question are connected to a law enforcement investigation.^[3] The act also gives any government department or agency the ability to request access to a customer's information.^[1]

The government can access financial records through six exceptions:^[3][1]

1. Grand jury subpoena
2. Customer authorization giving consent
3. Administrative summons
4. Search warrant issued under the Federal Rules of Criminal Procedure
5. Judicial subpoena
6. Formal written request

Any preexisting rules regarding search warrants are applied to the exceptions. When a search warrant for a customer's financial information is issued, the government has 90 days to inform the customer of the existence of the search warrant.^[3] A consumer can give permission to the government through written approval which allows the government access for a maximum of three months. At any given time, the consumer can void the approval. If the government is given access via approval, the financial institution holding the information must document which government agencies are given access.^[3] In the event that financial records are requested using an administrative summons, a judicial subpoena, or a formal written request, the government must notify the customer of what specific records are being requested, why they are being requested, and the procedures used to access the records.^[3] Financial institutions must verify that all laws, regulations, and procedures were followed before any financial records that were requested can be handed over to federal agencies.^[3]

The RFPA was later amended to increase financial institutions' ability to help facilitate criminal investigations and prosecutions. Under the new amendments, financial institutions are allowed to disclose information to the government if they believe that a regulation has been violated. If an institution decides to share a customer's financial information this way, then the institution is only allowed to disclose information that identifies the suspect. The institution will also not be held liable for disclosing the information.^[4] The amendments also states that a court can compel a financial institution to notify a customer that their information has been subpoenaed.^[4]

Criticism has been directed at the written approval. The act never specifies if the customer is responsible for submitting the approval directly to the financial institution or if the government is responsible for only providing proof that a written approval has been submitted to them.^[3]

The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to repeal the Glass-Steagall Act.^[5] The repeal of Glass-Steagall allowed mergers between different types of financial institutions to occur, which enabled increased efficiency in the dissemination of financial information. To promote consumer privacy, the Gramm-Leach-Bliley Act included regulations to limit the ways in which companies handled and shared financial data.^[6]

Protection of information is generally elaborated through three set rules in the act:

1. Financial institutions must create privacy policies, if one was not already in place, and inform customers of their policy^[7]
2. Financial institutions must specifically disclose to customers the conditions in which policy exceptions would allow financial information to be distributed to unaffiliated third parties^[7]
3. Financial institutions must give customers an "opt-out" option to allow customers the ability to prevent private information to be disclosed^[7]

Despite the regulations put forth by GLBA, exceptions in the act allow financial institutions the ability to disclose financial information under certain conditions. If a financial product provided by a financial institution is owned by two or more parties, the institution is only required to notify one party.^[7] Financial institutions are also allowed to disclose information without ever notifying the customer if the information in question is used for an investigation regarding public safety. ^[7]

The Safeguards Rule was implemented into GLBA by the Federal Trade Commission (FTC) to set standards that financial institutions must follow when protecting financial information.^[8] The rule required that financial institutions create and implement a security program that is appropriate to the size of the institutions' operations. The program must keep information safe from any unauthorized access of information, unauthorized use of information, and threats to the safety of the information. Information systems that processes, stores, transmits, and destroys information must be used in the security program.^[8] The rule also states that institutions must dedicate employees to the development, implementation, and maintenance of the security program. There must be people trained to identity and respond to any security threats or data breaches.^[8]

The Gramm-Leach-Bliley Act has been the subject of much criticism as experts claim that the act provides weak protection due to its broad language. Without clear explanation and better defined language, the act is open to interpretation which will ultimately work against consumers.^[6] The privacy policies required by the act are also unhelpful, as many of the policies written by financial institutions are intentionally complex to prevent customer comprehension.^[6] There is also a lack of rules that punish financial institutions for any noncompliance.^[6] Criticism has also been targeted at the opt-out rule in the act. Former president of the Federal Reserve Bank of Richmond, Jeffrey M. Lacker argues that the opt-out option, provided by banks in their policies to customers, is ineffective due to a weak marketplace for financial information. Sharing financial information is not profitable enough to motivate financial institutions to pay for customer consent, so opt-out notifications are rarely distributed. In situations where customers are notified, only an estimated 5% respond.The low response rate is evidence that consumers do not seem to care about their financial privacy. With unconcerned customers and a weak market, the opt-out option is rendered ineffective.^[9]

The Fair Credit Reporting Act (FCRA) was passed in 1970 to regulate credit agencies and promote fair and secure handling of consumer information.^[10]

The FCRA attempts to limit the dissemination of information through five main rules:

1. Credit reports and investigative reports must be differentiated so that any irrelevant is not mixed^[11]
2. Reports can only be made available to those with "legitimate business needs"^[11]
3. The subject of a report must be notified of any request for their information
4. Agencies must give consumers access to their own files if they ever should request it^[11]
5. A time limit is set for the retention of information on reports. Information that is seven years or older must be deleted while information regarding bankruptcies can be removed only after fourteen years^[11]

According to the FCRA, obsolete information may not be investigated and included on reports.^[10] Information found in reports can be contested in the event that a mistake is found. The credit agency must begin an investigation, and if a mistake is proven to exist, the information must be removed immediately.^[10] If a consumer if affected by the contents of their report, the user of the report must notify the consumer so that he or she can access their file and receive an explanation of the contents of their file from the agency. The FCRA also includes the Red Flag Rule, which was added by the Fair and Accurate Credit Transactions Act.^[12][13] A Change of Address Rule is also set in place so that government financial agencies must verify change of addresses.^[13]

The FRCA includes multiple measures to promote compliance. The act states that unauthorized access to a file or receiving a report under false pretext will result in a criminal offense. Reporting agencies and those using the reports are held liable for any noncompliance as well. The consumer is also entitled to reparations as a result of any damages from any misuse of their information.^[10]

The Fair Credit Reporting Act faced criticism over the strength of its regulations as the act only limits the distribution of information instead of the collection of it.^[11] The act is also written with broad language which invites open interpretation that may lead to loopholes.^[11] Some criticism has also been directly aimed at the vagueness in defining "accuracy." In the context of the act, "accuracy" can be interpreted as a credit report that is either correct or incomplete.^[14]

The Fair and Accurate Credit Transactions Act (FACTA) was passed by Congress in 2003 to amend the Fair Credit Reporting Act (FCRA).^[12] The amendments ensured that any state laws with stricter regulations than those outlined in the FCRA would be enforced first. State laws regarding credit scores, credit reports, and insurance that were to remain in effect as a result of the amendments were outlined within the act. Under the act, consumers received more rights to explanations of their credit scores and the right to a free credit report each year.

The Disposal Rule set requirements under FACTA for how public and nonpublic entities have to destroy consumer reports in order to prevent unauthorized access to nonpublic consumer information.^[12] Under the act, disposal of physical information can be done through the burning, pulverization, and shredding of documents. Digital information can be disposed of by simply erasing electronic files. Information can also be destroyed by hiring contractors. Due diligence must be performed on documents to identify consumer information before they can be submitted to contractors for disposal.^[12] Any disposal of information must be done so in way that the documents cannot be reconstructed and read.^[12]

The Red Flags Rule was a rule set under FACTA that requires financial institutions and creditors to develop and implement programs to identify and prevent any identity theft threats.^[12][13]

The Credit and Debit Card Receipt Clarification act was passed in 2007 as an amendment to the FRCA.^[15] The act required that account numbers printed on receipts have to be shortened to five digits in order to protect consumer privacy.^[13]

The Bank Secrecy Act was enacted in 1970 to deter people from hiding income in foreign financial institutions and to prevent financial institutions' common practice of photocopying items used in criminal investigations.^[2] The act gave the United States Treasury clearance to consolidate bank records so that the information can effectively serve in legal proceedings. It also set a requirement for financial institutions to maintain consumer records, especially those with international transactions.^[4] Financial institutions are required to hold records for six years and are obligated to report any suspicious transactions.^[2][3]

The Fair Debt Collection Practices Act (FDCPA) was passed in 1978 to give consumers rights and the ability to maintain accurate information when dealing with debt collection. Under the act, any consumer information regarding debt is protected.^[16] Requirements were set to outline the ways in which debt collectors are allowed to interact with a consumer when pursuing payment.^[16] Under the FDCPA, collectors are not allowed to publish a consumer's name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumers' partner or attorney. If the collector is attempting to inquire about the whereabouts of the consumer, then they can disclose debt information to only neighbors and coworkers.^[16] Collectors are also not allowed disclose fraudulent information to credit reporting agencies in an attempt to collect the debt.^[16]

The Electronic Funds Transfer Act was passed by congress in 1978 to regulate the then growing use of electronic transfer of funds.^[1] The act implemented requirements so that banks have to notify their customers of any policies regarding electronic transfer of funds. A model statement is even included in the act in order to regulate the language in which policies would be presented to consumers.^[1] Banks are also held liable in the event that information is disclosed through telephone without consent.^[1] Also, banks would be held responsible for any damages that came as a result of unauthorized access to a consumer's information.^[1]

The Dodd-Frank Wall Street Reform and Consumer Protection Act was enacted in 2010 to bring about reforms to the financial system after the 2008 financial crisis and to establish the Consumer Financial Protection Bureau.^[12]

The California Consumer Privacy Act was passed in 2018 to protect any and all California residents' nonpublic information.^[17]

The act set requirements that regulates and attempts to limit the sale of personal information. However, companies can justify their sale of information through contracts with business partners. Those contracts would be taken into consideration when a company is reviewed for compliance to the act.^[17]

If a company is unable to comply with provisions regarding the sale of information without disrupting their business, then they must receive consent through the opt-in option from minors under 16 years old or parental consent if the minor is under 13 years old.^[17] Companies must also give all other consumers the ability to opt-out of any disclosure of information through a webpage link that clearly and specifically says "Do Not Sell My Personal Information."^[17] In the event that a consumer does opt out, the company cannot approach the consumer with the option to opt in again until a year has passed since the consumer opted out.^[17]

Under the act, companies must notify consumers of their new rights regarding data access, disposal, and portability.^[17] The company must also provide a way for consumers to exercise their new rights and a way to verify any consumer requests to exercise their rights.^[17] Privacy policies must also be updated to reflect newly required information disclosures.^[17]

Companies can deny a consumer's request to erase personal information under 9 conditions:

1. The information is needed to complete a transaction^[17]
2. The information is needed to identify and protect from fraudulent activity as well as prosecute those responsible for such attacks^[17]
3. The information is needed to identify and fix problems with functionality^[17]
4. The information is needed to exercise free speech^[17]
5. The information is needed to stay compliant with the California Communications Privacy Act^[17]
6. The information is needed to conduct statistical research of public interest^[17]
7. The information is needed to meet obligations with the consumer in question^[17]
8. The information is needed to meet legal obligations^[17]
9. The information is needed to meet the requirements in which the consumer initially provided the information^[17]

The act also regulates any employer-employee relationships regarding personal information.^[17] Under the act, employers must provide a way for their employees to exercise their rights outlined in the act. Employees also have the ability to opt out of any sale of information. A clear link that specifically says "Do Not Sell My Personal Information" must be also be provided to employees under the employers' website to help facilitate any opt-out requests.^[17] Under the act, employees can request the disclosure of certain categories of information.^[17] If employers plan to collect information concerning their employees, then they must notify their employees of what information was collected, why it was collected, and under what conditions would the information be used. If the employers were to gather additional data, then another notification must be sent out to employees with the same aforementioned details.^[17] Employees have the ability to request that the employers erase their information. However, employers also have the right to deny the request if maintaining the information is necessary to meet certain obligations.^[17] Employees must also be notified if their employers are selling their information under the California Civic Code's definition of "business purposes."^[17]

Companies that conduct business with California consumers must comply with the act if the company satisfies one of the three conditions stated under the act:

1. If the companies has annual gross revenues of $25 million or more^[17]
2. If the company holds personal information of 50,000 or more California residents, households, and devices^[17]
3. If the company generates greater than or equal to 50% of their revenue by selling California residents' information^[17]

Companies that are not physically located within California and conducts all of its business outside of the state my be exempt from the act.^[17] However, if such companies enter California or begin engaging in transactions with California residents online, then they would be expected to comply with the act.^[17]

The California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act.^[18] The California Privacy Act provides narrower definitions of some language found in the Gramm-Leach-Bliley Act. For example, financial institutions that are regulated under the act only include institutions that are "significantly engaged in financial activities."^[18] The act also provides an opt-in rule instead of opt-out which allows consumers more control over the situations in which financial institutions can handle information without consent.^[18] Financial information is also required to stay within one financial entity which means other institutions are not allowed access based on affiliation.

Punishment is also outlined in the act to deal with any institution that fails to comply. Violations to the act may result in a maximum penalty of $500,000. However, the fine can double in situations concerning identity theft.^[18]

Despite providing more stringent rules, the act also includes exceptions. Those who entered into contracts before the act was passed may still have their information shared if they do not manually opt out. Institutions that share the same regulator are allowed to exchange consumer information without notifying the customer. Customers also do not need to be notified that their information has been given out if the information is used for any legal proceedings.^[18]

The California Consumer Credit Reporting Agencies Act (CCCRA) was passed in 1975 as the state's version of the federal Fair Credit Reporting Act.^[16] The act regulates consumer credit reporting agencies as well as any users of credit reports. The act also provides a narrower definition of "consumer credit report" as any information that falls within credit reports is protected by the act.^[16]

The CCCRA allows consumers to request a copy of their credit file with a thorough explanation of any codes used, credit score with related information, records of any third party requests made for the consumer's files, and the identifiable information of any party third party that has received the consumer's file.^[16] Any information requested by the consumer must be made available by a person, by mail, or by phone with a trained person who is able provide a comprehensive explanation of the information.^[16] Credit reports can be disclosed to third parties without notifying the consumer if the information is related to the party requesting the information, if it is to complete a court order, or if the party requesting it has legitimate use for the information.^[16]

California passed their own Right to Financial Privacy Act two years before the federal government passed an act of the same name in 1976.^[16] The act regulated the state's government agencies' abilities to access nonpublic consumer information. As a result of the act, California's government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information.^[16]

As long as government agencies show proof of customer consent, a subpoena, or a search warrant, financial institutions are obligated to disclose the requested financial information.^[16] With proof, financial institutions do not have to verify that all laws were followed before handing over information.^[16]

The Song-Beverly Credit Card Act was passed in 1971 to protect consumer information in credit card transactions.^[16] Under the act, companies may not collect personally identifiable information from consumers who purchase goods or services using credit cards. Companies cannot set conditions in which consumers must consent to sharing their information in order to use their credit cards for a transaction. However, consumer information can be requested in order to complete a credit card transactions as long as the information is never recorded. The act also set a redundant state level requirement that companies must shorten a consumer's credit and debit card information on receipts.^[16]

There are exceptions to the act as companies are still able to collect information from consumer who pay using debit card of cash.^[16] Under the act, companies can still collect consumer data if a credit card is being used to collect money in situations similar to damages and defaults. In the event of a consumer return or refund, companies are allowed to collect information to protect against fraud.^[16] Gas stations are also allowed to only collect a consumer's zip code information to protect themselves from fraud.^[16]

Regulation B-2018-01: Privacy of Consumer Financial and Health Information was passed in Vermont to protect privacy of financial information. Financial privacy is defined by the first four articles in the regulation.^[19]

Article I

The first article in the regulation is used define what the regulation is in general. As stated in the article, the purpose of the regulation is regulate the handling of any private information connected to financial institutions.^[19]

The regulation defines financial institutions through nine conditions:

1. Financial institutions defined by the Vermont statues^[19]
2. Licensed or registered individuals engaging in financial activities defined by the Bank Holding Company Act of 1956^[19]
3. Mortgage brokers, mortgage loan originators, lenders, and sales finance companies^[19]
4. Independent trust companies^[19]
5. Money service providers^[19]
6. Debt adjusters^[19]
7. Loan service providers^[19]
8. Foreign financial institutions^[19]
9. Subsidiaries of any of the above^[19]

Article II

• Financial institutions are required to inform customers of their privacy policy with an understandable notification.^[19]
• Customers must be notified every 12 months of the financial institution's privacy policy. ^[19]
• Privacy notifications must include the nine points of information outlined by the regulation:
  1. What information the financial institution collects^[19]
  2. What information the financial institution chooses to share^[19]
  3. Categories which affiliated and nonaffiliated parties the financial institutions disclose information to fall into^[19]
  4. The categories of information regarding former customers that the financial institution has shared, and to which parties the information has been shared with^[19]
  5. Whether a financial institution has shared information with a nonaffiliated third party under an exception^[19]
  6. A outline of the methods in which a customer can exercise their right to opt-in^[19]
  7. If any private financial information has been shared under the Fair Credit Reporting Act, federal implementing regulations, and the Vermont Fair Credit Reporting Act^[19]
  8. The financial institution's policies regarding protecting consumer financial information^[19]
  9. If any information has been shared using exceptions authorized under the regulation^[19]
• If a financial institution chooses to revise its privacy policy, it must still abide by the initial notice it sent to customers until customers are notified of the changes or if the customers gives consent since the changes^[19]
• Notifications must be delivered to customers in writing unless the customer has given consent to receiving the notifications electronically^[19]

Article III

• Consumers have the ability to partially opt-in, which means that they can pick and choose what information they give consent to the financial institution to share^[19]
• If a financial institution receives information form another, unaffiliated party, the institution is allowed to re-disclose the information if it is to parties affiliated to the unaffiliated party they received the information from, if it is to their own affiliated parties, of if they receive permission from the consumer^[19]
• Unless the financial institution is disclosing information to a consumer reporting agency, the institution is not allowed to share account information to parties that would use the information for marketing purposes^[19]

Article IV

• Financial institutions can share their customers' financial information with unaffiliated third parties if the third parties are using the information to carry out services for the institution or if the the third parities are acting on behalf of the institution^[19]
• Financial institutions can disclose a customer information if it is in the interest of enforcing a transaction that the customer authorized or is in connection to^[19]

The Consumer Financial Protection Bureau is an independent regulatory agency within the United State Federal Reserve.^[12] The CFPB promotes fair practice by regulating consumer interactions with financial institutions. Its has complete authority over institutions that do not hold consumer deposits^[12]. For institutions that hold consumer deposits with $10 million or less in assets, the CFPB only has rule making authority, as authority over enforcement remains with other financial regulators.^[12] As part of its enforcement powers, the CFPB can initiate investigations, issue subpoenas, hold hearings, and hand out fines of over a million dollars for violations.^[12] The bureau also has the ability to enforce and make rules regarding any existing federal financial privacy laws.^[12]

The Federal Trade Commission is an independent regulatory agency responsible for protecting consumers and competition.^[20][21] In 1995, the FTC became involved with privacy regulation. At the beginning, the agency promoted self regulation as they encouraged companies to produce their own privacy policies that the FTC would help enforce. The FTC believed that simply backing companies' policies would help legitimize the policies and give the policies credibility and importance in the eyes of consumers.^[21] However, as privacy became an increasingly prevalent problem, the FTC evolved into the de facto authority over consumer privacy. Although it was never explicitly stated that the FTC would have power over consumer privacy regulations, Congress allowed the FTC more and more responsibilities beginning in the late 1990s.^[21] Settlements that the agency made would also become considered as de facto common law. Eventually the FTC, in general, gained the power to create privacy regulations and implement protections against fraudulent activities.^[12]

The FTC deals with noncompliance through civil litigation, criminal litigation, and administrative enforcement actions.^[12] Enforcement actions begin with complaints or claims against a company. The FTC has power to conduct investigations and can issue subpoenas as well as compel companies to provide reports under oath. The agency also has the power to issue fines for violations.^[12] The FTC only uses its full enforcement powers if any violations they discover are considered major. For most minor violations, the FTC will likely help companies identity and fix any problems contributing to noncompliance.^[12]