Regulation S-P, S-AM, AND S-IDS-P (17 CFR Part 248)

Subpart A — Privacy of Consumer Financial Information and Safeguarding Personal Information

Rule 1 — Purpose and scope.

Rule 2 — Model privacy form; rule of construction.

Rule 3 — Definitions.

Privacy and Opt Out Notices

Rule 4 — Initial privacy notice to consumers required.

Rule 5 — Annual privacy notice to customers required.

Rule 6 — Information to be included in privacy notices.

Rule 7 — Form of opt out notice to consumers; opt out methods.

Rule 8 — Revised privacy notices.

Rule 9 — Delivering privacy and opt out notices.

Limits on Disclosures

Rule 10 — Limits on disclosure of nonpublic personal information to nonaffiliated third parties.

Rule 11 — Limits on redisclosure and reuse of information.

Rule 12 — Limits on sharing account number information for marketing purposes.


Rule 13 — Exception to opt out requirements for service providers and joint marketing.

Rule 14 — Exceptions to notice and opt out requirements for processing and servicing transactions.

Rule 15 — Other exceptions to notice and opt out requirements.

Relation to Other Laws; Effective Date

Rule 16 — Protection of Fair Credit Reporting Act.

Rule 17 — Relation to State laws.

Rule 18 — Effective date; transition rule.

Rule 19 — through Rule 29 [Reserved]

Rule 30 — Procedures to safeguard customer records and information; disposal of consumer report information.

Rule 31 — through Rule 100 [Reserved]

Appendix A to Subpart A of Part 248—Forms

Subpart B–Regulation S-AM: Limitations on Affiliate Marketing

Rule 101 –– Purpose and scope.

Rule 102 — Examples.

Rule 103 – Rule 119 [Reserved]

Rule 120 — Definitions.

Rule 121 — Affiliate marketing opt out and exceptions.

Rule 122 — Scope and duration of opt out.

Rule 123 — Contents of opt out notice; consolidated and equivalent notices.

Rule 124 — Reasonable opportunity to opt out.

Rule 125 — Reasonable and simple methods of opting out.

Rule 126 — Delivery of opt out notices.

Rule 127 — Renewal of opt out elections.

Rule 128 — Effective date, compliance date, and prospective application.

Appendix to Subpart B of Part 248—Model Forms

Subpart C Regulation S-ID: Identity Theft Red Flags

Rule 201 — Duties regarding the detection, prevention, and mitigation of identity theft.

Rule 202 — Duties of card issuers regarding changes of address.

Appendix A to Subpart C of Part 248—Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation