consent through an opt-in process.
The California Attorney General considers “a broad array
of businesses” to be subject to the GLBA and FIPA including, for example, “retailers that issue
their own credit cards directly to consumers, real estate appraisers, mortgage brokers, career
counselors in the finance area, check printing businesses, and accountants who prepare tax
returns.”
Advertising Laws
Background
One of our banking sector interviewees noted that potential legal liability under advertising
laws, particularly Regulation DD, would be a likely concern for financial institutions considering
partnering on CalAccount.
Relevant Laws, Policy, and Guidance
Advertising and marketing in the U.S. are subject to federal, state, and local laws and
regulations.
For example, Regulation DD (12 CFR 230), which implements the Truth in
Savings Act and applies to all depository institutions, requires uniform disclosures to enable
consumers to make informed decisions about their accounts at depository institutions.
With respect to advertising and marketing, Regulation DD imposes requirements on any commercial
message that promotes deposit accounts, regardless of the medium used. Requirements include
that commercial messages not be misleading or inaccurate, that terms like “no cost” cannot be
States including California, Oregon, Montana, Utah, Colorado, Texas, Iowa, Indiana, Tennessee, Virginia,
Connecticut, and Delaware have also implemented more general consumer privacy laws. International Association
of Privacy Professionals (IAPP). (n.d.). US State Privacy Legislation Tracker. Retrieved from
https://iapp.org/resources/article/us-state-privacy-legislation-tracker/. For example, the California Consumer Privacy
Act of 2018, Cal. Civ. Code §§ 1798.100-1798.199 (2018) provides that “[a] business that controls the collection of
a consumer’s personal information” must inform consumers of the categories of personal information being
collected and used, the purposes for which the personal information is being collected and used, and the length of
time the business intends to retain each category of personal information. The CCPA also gives consumers the right
to delete personal information collected, subject to exceptions. A second privacy act, the California Privacy Rights
Act, took effect in 2023. This Act provides consumers with the right to limit the use and disclosure of sensitive
personal information collected about them and the right to correct inaccurate personal information that a business
has about them. In addition, California and every other state in the U.S. have enacted data breach notification laws,
which require businesses as well as governmental entities to notify individuals of security breaches that involve
personally identifiable information. National Conference of State Legislatures (NCSL). Security Breach Notification
Laws. Retrieved from: https://www.ncsl.org/technology-and-communication/security-breach-notification-laws.
California Attorney General’s Office, "Your Financial Privacy Rights."
https://oag.ca.gov/privacy/facts/financial-privacy/rights.
Interview with banking industry and services expert (Participant 108).
Miller, Craig, Harold P. Reichwald, and Charles Washburn Jr., "Top 5 Legal Considerations for FinTech
Advertising," in JDSupra.
Federal Reserve, Truth in Savings, Board of Governors of the Federal Reserve. As of February 1, 2024:
https://www.federalreserve.gov/boarddocs/caletters/2009/0914/09-14-attachment.pdf.