Under the Gramm-Leach-Bliley Act, and under Section 716.10 of the NCUA privacy regulation, a member of a credit union is a "consumer" and has the right to protect her or his financial privacy by "opting out" of the credit union's use of certain information (i.e., the consumer has the right to direct the credit union not to disclose nonpublic personal information about that consumer to a third party that is not affiliated with the credit union).
Corporate America Credit Union (CACU) is not "affiliated" with any of its member credit unions within the meaning of the NCUA regulation, because CACU does not control the member credit union, is not controlled by the credit union, and is not under common control with the credit union.
Section 716.13 (Exception to opt out requirements for service providers and joint marketing) of the NCUA regulation provides an exception that is applicable to CACU's use of nonpublic consumer financial information in the provision of services to its member credit unions. Specifically, Section 716.13 provides that the consumer's right to "opt out" does not apply to information that the member credit union provides to CACU if CACU and the credit union enter into a contractual agreement that "prohibits CACU from disclosing or using the information other than to carry out the purposes for which [the credit union] disclosed the information, including use under an exception in 716.14 [processing and servicing transactions]...in the ordinary course of business to carry out those purposes".
Section 716.11(c) (Information you disclose under an exception) of the NCUA regulation is also significant. This Section restricts the use that CACU, as a nonaffiliated third party to which a credit union discloses nonpublic personal information, can make of that information. CACU abides by those restrictions. Specifically, CACU collects and uses nonpublic personal information only for the servicing and processing of specific transactions. CACU does not disclose any nonpublic personal information to any outside organization for use in marketing. CACU has implemented physical, electronic and procedural safeguards to be sure that its use of such information is appropriately limited. To be sure that such safeguards are effective, CACU periodically reviews each of its operations that has any access to any nonpublic personal information. CACU's compliance with the NCUA privacy regulation enables credit unions to use CACU's transaction processing services without triggering opt-out rights for their members.
CACU has always protected the financial privacy of its member credit unions, and of their members. In order to specify its compliance with the federal statute and regulations, CACU makes the following commitment:
"CACU agrees not to use nonpublic personal information about a member credit union's members for any purpose other than those contemplated by an agreement, schedule or contract executed between CACU and the member credit union, including servicing and processing of transactions in the ordinary course of business."