Regulation S-P was enacted by the Securities and Exchange Commission (“SEC”) in response to the privacy provisions of the Gramm-Leach-Bliley Act. Such provisions required the SEC and certain other federal agencies to adopt privacy rules which impose requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about its customers to non-affiliated third parties. The Commodity Futures Trading Commission (“CFTC”) has proposed privacy rules substantially similar to Regulation S-P. Regulation S-P and the CFTC’s proposed privacy rules collectively are referred to herein as the “Privacy Rules.” Compliance with Regulation S-P is mandatory by July 1, 2001, while the CFTC’s rules are scheduled to become mandatory by December 31, 2001.

This advisory reviews:

- What are the General Requirements of the Privacy Rules?
- Which Financial Institutions are Subject to the Privacy Rules?
- Who are “Consumers” and “Customers” Protected by the Privacy Rules?
- What is Nonpublic Personal Information?
- Who is Considered a Non-Affiliated Third Party?
- What Must a Financial Institution’s Privacy Policy Notice Contain?
- What are the Privacy Policy Notice Delivery Requirements?
- Are There Other Privacy Rules Applicable to Financial Institutions?