For Banks: A Tool for Building Privacy Notices

This section of the site is designed for financial institutions themselves, rather than consumers. Our online database leverages annual GLBA privacy notices we automatically collected and parsed, as described in the "About" section of this website, as well as in greater detail in an academic paper we wrote about our project.

We at Carnegie Mellon University's CUPS lab have also designed a free tool to help your institution prepare its privacy disclosure! By answering the questions listed below, you will provide us enough information to automatically generate an HTML privacy notice for you following the guidelines of the model privacy notice. After you answer the questions, you will be taken to a page consisting of your privacy notice. We format notices using HTML5 and CSS. The notice we generate is self-contained; the CSS (stylesheet) is embedded in the HTML file itself. You simply need to use your browser to "Save page as." This option is normally found in a browser's "File" menu. Please let us know if you find our tool useful or have improvements to suggest. Note that this tool is still in beta testing; please report on any issues you find!

As you and your colleagues work to prepare the privacy notice for your institution, we also encourage you to reference the Federal Trade Commission's GLBA guidance pages, particularly guidance related to compliance, legal requirements, and writing effective privacy notices. In addition, the full full documentation of the model privacy form is invaluable.

---

Please answer the following questions so that we can generate a privacy notice for your institution. This tool is currently under construction. You can try it out now to see how it works, but there are still a few components missing. We'll take this notice down after everything is working and we have tested it.

1. What is the name of the financial institution providing the notice? (It can also be a common identity of affiliated institutions jointly providing the notice.)
       
2. What is your institution's contact phone number? Consumers will be instructed to call this phone number with questions or to opt out of sharing, if applicable.
       
3. Is the phone number you listed in the previous question a toll-free number?
       Yes  No
4. What is your institution's website URL? Consumers will be instructed to visit this website with questions or to opt out of sharing, if applicable.
       
5. What types of personal information does your institution collect and share? Note that you must choose at least five. Even if you choose more than five, only five will be displayed.
   

   Income	Account balances	Payment history
   Transaction history	Transaction or loss history	Credit history
   Credit scores	Assets	Investment experience
   Credit-based insurance scores	Insurance claim history	Medical information
   Overdraft history	Purchase history	Account transactions
   Risk tolerance	Medical-related debts	Credit card or other debt
   Mortgage rates and payments	Retirement assets	Checking account information
   Employment information	Wire transfer instructions

6. Please select the actions by a customer that lead your institution to collect the customer's personal information. Note that you must choose at least five. Even if you choose more than five, only five will be displayed.
   

   Open an account	Deposit money
   Pay your bills	Apply for a loan
   Use your credit or debit card	Seek financial or tax advice
   Apply for insurance	Pay insurance premiums
   File an insurance claim	Seek advice about your investments
   Buy securities from us	Sell securities to us
   Direct us to buy securities	Direct us to sell your securities
   Make deposits or withdrawals from your account	Enter into an investment advisory contract
   Give us your income information	Provide employment information
   Give us your employment history	Tell us about your investment or retirement portfolio
   Tell us about your investment or retirement earnings	Apply for financing
   Apply for a lease	Provide account information
   Give us your contact information	Pay us by check
   Give us your wage statements	Provide your mortgage information
   Make a wire transfer	Tell us who receives the money
   Tell us where to send the money	Show your government-issued ID
   Show your driver's license	Order a commodity futures or option trade

7. Does your institution share customers' personal information for your institution's everyday business purposes, such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus?
       Yes  No
8. As a follow-up to the previous question, can consumers opt out of sharing for your institution's everyday business purposes?
       Yes  No
9. Does your institution share customers' personal information for your institution's own marketing purposes, such as to offer your institution's own products and services to consumers?
       Yes  No
10. As a follow-up to the previous question, can consumers opt out of sharing for your institution's own marketing purposes?
        Yes  No
11. Does your institution share customers' personal information for joint marketing with other financial companies?
        Yes  No
12. As a follow-up to the previous question, can consumers opt out of sharing for joint marketing with other financial companies?
        Yes  No
13. Please list example categories of your joint marketing partners (e.g., "companies such as credit card companies").
        
14. Does your institution have affiliates, which are companies related by common ownership or control? (They can be financial and nonfinancial companies.)
        Yes  No
15. Does your institution share information about customers' transactions and experiences for affiliates' everyday business purposes?
        Yes  No
16. As a follow-up to the previous question, can consumers opt out of your institution sharing their transactions and experiences for affiliates' everyday business purposes?
        Yes  No
17. Does your institution share information about customers' creditworthiness for affiliates' everyday business purposes?
        Yes  No
18. As a follow-up to the previous question, can consumers opt out of your institution sharing their creditworthiness for affiliates' everyday business purposes?
        Yes  No
19. Does your institution wish to omit the row of the sharing table about sharing customers' personal information for affiliates to market to them? If so, at least one of the following four statements also must be true: 1) your institution does not have affiliates; 2) your institution does not disclose customers' personal information to its affiliates; 3) your institution's affiliates do not use personal information in a manner that requires an opt-out; 4) your institution provides the affiliate marketing notice separately.
        Yes  No
20. Does your institution share personal information about customers for affiliates to market to them?
        Yes  No
21. As a follow-up to the previous question, can consumers opt out of your institution sharing their personal information to affiliates to market to them?
        Yes  No
22. If there is a name of a common corporate identity your institution shares with affiliates, please state it here. Otherwise, leave this field blank.
        
23. If your affiliates include other financial companies, please give illustrative examples of those companies here. Otherwise, leave this field blank.
        
24. If your affiliates include other nonfinancial companies, please give illustrative examples of those companies here. Otherwise, leave this field blank.
        
25. If your affiliates include other companies that you wish to name, please give illustrative examples of those companies here. Otherwise, leave this field blank.
        
26. If there is a name of a common corporate identity your institution shares with affiliates, please state it here. Otherwise, leave this field blank.
        
27. Does your institution share personal information about customers for nonaffiliates (nonaffiliated third parties) to market to them?
        Yes  No
28. As a follow-up to the previous question, can consumers opt out of your institution sharing their personal information to nonaffiliates to market to them?
        Yes  No
29. Please list the categories of nonaffiliated third parties (e.g., mortgage companies, insurance companies, direct marketing companies, and nonprofit organizations) with which your institution shares for marketing purposes.
        
30. Does your institution wish to omit the "Who is providing this notice" section? You may do so only when one financial institution is providing the notice and that institution is identified in the title.
        Yes  No
31. To explain to consumers who is providing this notice, state the common corporate name or other readily identifiable name that is also used for the title and various headings of the model form as the "name of financial institution" and either (a) identify the entities jointly providing the notice; or (b) for institutions with a lengthy list of entities jointly providing the notice, identify the general types of entities in the response and identify the entities at the end of the form following the "Other important information" box, or, if that box is not incorporated into the form, following the "Definitions" or on an additional page.
        
32. If you wish to give additional information about how you protect customer information, please state it here. This information may include information about the the institution's use of cookies or other measures it uses to safeguard personal information. Note that you are limited to 30 words. If you do not wish to give additional information, leave this field blank.
        
33. If you optionally wish to provide additional information in the "Other important information" box, please list it here. Only the following types of information can appear in this box: (1) State and/or international privacy law information; and/or (2) Acknowledgment of receipt form.
        
34. On what date has this notice been revised?