There is a federal law that affords consumers significant say over the pri­vacy of their financial information while still allowing financial institu­tions to share information for normal business purposes. This Act covers banks, savings and loan institutions, credit unions, insurance companies, securities firms, and even some retail­ers and automobile dealers that extend or make arrangements for consumer credit.

There may be more forms of personal information gathered by the  institutions than you realize. They may have credit reports and records of how much you buy and borrow, where you shop, and how well or poorly you pay your bills on time.

The Act protects your financial pri­vacy in three basic ways: First, in a privacy notice, the institution must tell you what kinds of information it collects and the types of businesses that may be provided with it. Institutions must send out a privacy notice once a year. Second, if the institution is going to share your information with anybody outside its corporate family, it must give you the opportunity to “opt out” of that kind of information sharing. The third layer of protection requires the institutions to describe how they will go about protect­ing the confidentiality and security of your information may not be the kind of mail you rip open with eager anticipation, but you should take the time to look it over carefully all the same. Somewhere in the formal verbiage you should look especially for these items:
What kinds of information may be shared, both with affiliated companies and with outsiders? Don’t expect great specificity on this in the notice itself. The Act requires only a description of basic categories of information, with some examples.

What information can you not pre­vent your financial institution from sharing? Recognizing some circum­stances in which the institutions should be allowed to share financial informa­tion with outsiders without the con­sumer’s consent, the Act does not al­low you to stop the sharing of informa­tion that is needed to help conduct nor­mal business (such as for outside firms that process data or mail statements); to protect-against-fraud or unauthorized  transactions; to comply with a court order, or to comply with a “joint marketing agreement” entered into with another institution.

How do you go about “opting out” of the sharing of information of outside entities? Sounds simple enough, but the institution may require you to exercise this option by calling a specific phone number or by completing a form and mailing it to a particular address. If you opt out by phone, to be safe you may want to follow up with a written version, -keeping ^copy-for your records.