For Banks: A Tool for Building Privacy Notices

This section of the site is designed for financial institutions themselves, rather than consumers. Our online database leverages annual GLBA privacy notices we automatically collected and parsed, as described in the "About" section of this website, as well as in greater detail in an academic paper we wrote about our project.

We at Carnegie Mellon University's CUPS lab have also designed a free tool to help your institution prepare its privacy disclosure! By answering the questions listed below, you will provide us enough information to automatically generate an HTML privacy notice for you following the guidelines of the model privacy notice. After you answer the questions, you will be taken to a page consisting of your privacy notice. We format notices using HTML5 and CSS. The notice we generate is self-contained; the CSS (stylesheet) is embedded in the HTML file itself. You simply need to use your browser to "Save page as." This option is normally found in a browser's "File" menu. Please let us know if you find our tool useful or have improvements to suggest. Note that this tool is still in beta testing; please report on any issues you find!

As you and your colleagues work to prepare the privacy notice for your institution, we also encourage you to reference the Federal Trade Commission's GLBA guidance pages, particularly guidance related to compliance, legal requirements, and writing effective privacy notices. In addition, the full full documentation of the model privacy form is invaluable.



Please answer the following questions so that we can generate a privacy notice for your institution. This tool is currently under construction. You can try it out now to see how it works, but there are still a few components missing. We'll take this notice down after everything is working and we have tested it.
  1. What is the name of the financial institution providing the notice? (It can also be a common identity of affiliated institutions jointly providing the notice.)
        
  2. What is your institution's contact phone number? Consumers will be instructed to call this phone number with questions or to opt out of sharing, if applicable.
        
  3. Is the phone number you listed in the previous question a toll-free number?
        Yes  No
  4. What is your institution's website URL? Consumers will be instructed to visit this website with questions or to opt out of sharing, if applicable.
        
  5. What types of personal information does your institution collect and share? Note that you must choose at least five. Even if you choose more than five, only five will be displayed.
    Income     Account balances     Payment history    
    Transaction history     Transaction or loss history     Credit history    
    Credit scores     Assets     Investment experience    
    Credit-based insurance scores     Insurance claim history     Medical information    
    Overdraft history     Purchase history     Account transactions    
    Risk tolerance     Medical-related debts     Credit card or other debt    
    Mortgage rates and payments     Retirement assets     Checking account information    
    Employment information     Wire transfer instructions         
  6. Please select the actions by a customer that lead your institution to collect the customer's personal information. Note that you must choose at least five. Even if you choose more than five, only five will be displayed.
    Open an account     Deposit money    
    Pay your bills     Apply for a loan    
    Use your credit or debit card     Seek financial or tax advice    
    Apply for insurance     Pay insurance premiums    
    File an insurance claim     Seek advice about your investments    
    Buy securities from us     Sell securities to us    
    Direct us to buy securities     Direct us to sell your securities    
    Make deposits or withdrawals from your account     Enter into an investment advisory contract    
    Give us your income information     Provide employment information    
    Give us your employment history     Tell us about your investment or retirement portfolio    
    Tell us about your investment or retirement earnings     Apply for financing    
    Apply for a lease     Provide account information    
    Give us your contact information     Pay us by check    
    Give us your wage statements     Provide your mortgage information    
    Make a wire transfer     Tell us who receives the money    
    Tell us where to send the money     Show your government-issued ID    
    Show your driver's license     Order a commodity futures or option trade    
  7. Does your institution share customers' personal information for your institution's everyday business purposes, such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus?
        Yes  No
  8. As a follow-up to the previous question, can consumers opt out of sharing for your institution's everyday business purposes?
        Yes  No
  9. Does your institution share customers' personal information for your institution's own marketing purposes, such as to offer your institution's own products and services to consumers?
        Yes  No
  10. As a follow-up to the previous question, can consumers opt out of sharing for your institution's own marketing purposes?
        Yes  No
  11. Does your institution share customers' personal information for joint marketing with other financial companies?
        Yes  No
  12. As a follow-up to the previous question, can consumers opt out of sharing for joint marketing with other financial companies?
        Yes  No
  13. Please list example categories of your joint marketing partners (e.g., "companies such as credit card companies").
        
  14. Does your institution have affiliates, which are companies related by common ownership or control? (They can be financial and nonfinancial companies.)
        Yes  No
  15. Does your institution share information about customers' transactions and experiences for affiliates' everyday business purposes?
        Yes  No
  16. As a follow-up to the previous question, can consumers opt out of your institution sharing their transactions and experiences for affiliates' everyday business purposes?
        Yes  No
  17. Does your institution share information about customers' creditworthiness for affiliates' everyday business purposes?
        Yes  No
  18. As a follow-up to the previous question, can consumers opt out of your institution sharing their creditworthiness for affiliates' everyday business purposes?
        Yes  No
  19. Does your institution wish to omit the row of the sharing table about sharing customers' personal information for affiliates to market to them? If so, at least one of the following four statements also must be true: 1) your institution does not have affiliates; 2) your institution does not disclose customers' personal information to its affiliates; 3) your institution's affiliates do not use personal information in a manner that requires an opt-out; 4) your institution provides the affiliate marketing notice separately.
        Yes  No
  20. Does your institution share personal information about customers for affiliates to market to them?
        Yes  No
  21. As a follow-up to the previous question, can consumers opt out of your institution sharing their personal information to affiliates to market to them?
        Yes  No
  22. If there is a name of a common corporate identity your institution shares with affiliates, please state it here. Otherwise, leave this field blank.
        
  23. If your affiliates include other financial companies, please give illustrative examples of those companies here. Otherwise, leave this field blank.
        
  24. If your affiliates include other nonfinancial companies, please give illustrative examples of those companies here. Otherwise, leave this field blank.
        
  25. If your affiliates include other companies that you wish to name, please give illustrative examples of those companies here. Otherwise, leave this field blank.
        
  26. If there is a name of a common corporate identity your institution shares with affiliates, please state it here. Otherwise, leave this field blank.
        
  27. Does your institution share personal information about customers for nonaffiliates (nonaffiliated third parties) to market to them?
        Yes  No
  28. As a follow-up to the previous question, can consumers opt out of your institution sharing their personal information to nonaffiliates to market to them?
        Yes  No
  29. Please list the categories of nonaffiliated third parties (e.g., mortgage companies, insurance companies, direct marketing companies, and nonprofit organizations) with which your institution shares for marketing purposes.
        
  30. Does your institution wish to omit the "Who is providing this notice" section? You may do so only when one financial institution is providing the notice and that institution is identified in the title.
        Yes  No
  31. To explain to consumers who is providing this notice, state the common corporate name or other readily identifiable name that is also used for the title and various headings of the model form as the "name of financial institution" and either (a) identify the entities jointly providing the notice; or (b) for institutions with a lengthy list of entities jointly providing the notice, identify the general types of entities in the response and identify the entities at the end of the form following the "Other important information" box, or, if that box is not incorporated into the form, following the "Definitions" or on an additional page.
        
  32. If you wish to give additional information about how you protect customer information, please state it here. This information may include information about the the institution's use of cookies or other measures it uses to safeguard personal information. Note that you are limited to 30 words. If you do not wish to give additional information, leave this field blank.
        
  33. If you optionally wish to provide additional information in the "Other important information" box, please list it here. Only the following types of information can appear in this box: (1) State and/or international privacy law information; and/or (2) Acknowledgment of receipt form.
        
  34. On what date has this notice been revised?