Privacy disclosure statements let you opt out of info sharing


You may not even notice the privacy notices you get in the mail every year from your credit card issuer. It's so easy to mistake them for junk mail that you may have tossed them out without even looking at them. 

If that sounds like you, listen up. Carefully reading those privacy notices -- and acting on their choice to opt out of your financial institution's information-sharing practices -- is something you may want to put on your to-do list. 

"Anyone who has all the financial products they need for now and wants to stop getting so many marketing offers -- or who has privacy concerns about sharing their credit card transaction details -- should take the steps described on the notices to opt out," says credit card expert Beverly Harzog, author of "Confessions of a Credit Junkie: Everything You Need to Know To Avoid the Mistakes I Made."

When to opt out of information sharing by your credit card issuer

Liz Weston, syndicated financial columnist and author of "Deal With Your Debt: Free Yourself From What You Owe," agrees. "The fewer databases in which your financial information is kept, the fewer opportunities there are for bad guys to compromise it," she says. "I know I can't completely eliminate my risk of identity theft, but if I can lower my risk, I'll do it. Opting out of information sharing is one way to do that." 

A legal mandate for full disclosure
Just what are these privacy disclosure notices, and why should you consider opting out of the information-sharing options they detail? These consumer letters became a legal requirement for financial institutions after passage of the Gramm-Leach-Bliley Financial Modernization Act of 1999.

The act included a financial privacy rule requiring financial institutions to send its customers a privacy notice -- once when a customer relationship is established, and then annually thereafter. Under a rule finalized Oct. 20, 2014, banks that don't share your information in ways that trigger the law's opt-out requirement can skip the annual mailing requirement. They may post the policy online instead of mailing it. See "Rule makes privacy statements more meaningful."

"As banks and credit unions began offering a wider range of products -- from mortgages to investments to credit cards -- they began internally sharing information about their customers," says Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse. For instance, a company might share customer data with other branches of the company for sales and account-servicing reasons. In other cases, financial companies made deals to share customer data (as they still do) with outside companies for similar reasons.

Before Gramm-Leach-Bliley, it was a free-for-all. Your contact information could be, and was, sold to nonafilliated third parties at the discretion of the financial institution, resulting in a lot of unwanted marketing. The act trimmed that back, allowing companies to continue share your financial information -- until you opt out of that sharing. (A few states, including California, forbid information sharing unless the customer opts in.

What your privacy statement tells you
Typical privacy notices list the main types of information-sharing performed by your credit card issuer. You can opt out of some, but not all, of these shares. 

For instance, federal law gives financial institutions (and their "affiliates," which are other companies under their corporate umbrella) the right to disclose any information about your account needed for "everyday business purposes." That includes processing your account through internal or outside services, reporting information to credit bureaus, and responding to legal requests such as court orders.

"You can't ask your credit card issuer to stop sharing that kind of information, and your privacy statement clearly states that," says Weston. In addition, your credit card company is allowed to access your customer information to market its other products and services to you. You can't limit that either, she says. 

The fewer databases in which your financial information is kept, the fewer opportunities there are for bad guys to compromise it.

-- Liz Weston
Financial columnist and author

Where you do have some control: when your credit card issuer wants to share more detailed information about you -- your creditworthiness, your specific transaction history, etc. -- with either affiliates (related companies) or nonaffiliates (outside companies). You can opt out of those info-shares, and with them, cut out unwanted mailers and other marketing activity you may not want.

Your card issuer may also disclose that it shares your data with organizations with which it has some kind of joint-marketing agreement. "In general, that term 'joint marketing' is a bit of a loophole for the companies," says Stephens. 

He says it's very hard to define when your card issuer is truly collaborating with another firm versus simply allowing an outside company access to your information to pitch products to you. Some companies allow you to opt out of "joint-marketing" sharing, others don't. Your privacy statement will tell you if you have the choice.

"Whenever it's allowed, you definitely want to opt out of them sharing your information with any nonaffiliated third parties, since that could potentially include data brokers, marketing companies and related businesses," says Stephens.

A good example of why this could matter, says Stephens: A marketing company with access to your credit card transactions could assemble a pretty clear picture of you. That would include where you shop, where you travel, medical providers you've seen and how much you spend each month.

"If they can determine that you're either a dollar-store bargain shopper or a higher-end Nordstrom customer, who's to say they won't market a product or service to you at a completely different price, depending on what they think you're willing to pay?" Stephens says. 

You may want to opt out of having your information shared with affiliates simply to cut down on junk mail. For instance, it's common for card-issuing banks to have an affiliated investment company. If the affiliate sees you're a high spender on your credit card, it might start courting your business. 

How to opt out of info sharing
Every financial institution's privacy statement is a little different, so read them carefully to be sure you know what information they share, which types you can decline and exactly how to do so. "If you're going to do it, I'd suggest opting out as soon as you get a privacy notice for a new credit card," says Harzog. "After all, once some time passes, your personal information is going to be out there."

If they can determine that you're either a dollar-store bargain shopper or a higher-end Nordstrom customer, who's to say they won't market a product or service to you at a completely different price?

-- Paul Stephens
Privacy Rights Clearinghouse

Weston points out that if you don't opt out of information sharing for a card and then you close that account, the company retains the right to continue sharing your personal information -- even though you're no longer a customer. In that case, you'll need to contact the credit card company directly and ask how to limit your information sharing. You won't get an annual privacy notice from them.

How do you opt out? Those privacy notices -- mailed to you or available on the bank's website -- will outline the process. "In most cases, you call a toll-free number and just follow a bunch of prompts," says Weston. "Other companies may allow you to opt out online or by mail."

"Whatever the company's opt-out procedure is, follow it to the letter," says Stephens. "Don't call if they tell you to mail in a form, and vice versa. If you don't follow their steps exactly, it could invalidate your request."

If I've already opted out of a financial institution's privacy options, do I need to ever opt out again? Only if you get a notice that its information-sharing options have changed. If you have more than one account with the same institution, you may have to opt out once for each account.
I already opted out. Why do I continue to get a privacy notice from my credit card company every year? Federal law requires financial companies to send notices to all of their customers once a year, even if you've already gone through the steps to limit information sharing.
Can I only opt out at a specific time of year? No, you can opt out any time.
Will opting out limit the number of prescreened credit offers I get in the mail? No, that's a separate process managed by the credit reporting agencies, says Stephens. To opt out of prescreened credit and insurance solicitations, go to
Will opting out of sharing my information make it hard for me to get other financial products in the future? "Absolutely not. By law, companies are not permitted to penalize you for opting out," says Jared Ihrig, general counsel for the Credit Union National Association. "Your future credit options are determined only by your own creditworthiness."

See related: 6 ways to outsmart data brokers, Health care companies turn to 'big data', Do predictive scores violate your privacy?

Updated: October 21, 2014

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Follow Us

Updated: 10-25-2016

Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.