New FTC Privacy Disclosure Rules

The CPA Journal, July 2001 | Go to article overview
Save to active project

New FTC Privacy Disclosure Rules

On November 12, 1999, President Clinton signed into law the Gramm-Leach-Bliley Act, Public Law 106-102 (captioned Disclosure of Non-- public Personal Information). This act requires financial institutions to provide their customers with an annual notice of their privacy policies and practices and also prohibits financial institutions from disclosing nonpublic personal information about a client to nonaffiliated third parties, unless the financial institution meets various disclosure and opt-out requirements, and the customer has not elected to opt out of the disclosure.


The Federal Trade Commission (FTC) concluded that the act applies to accountants engaged in the business of completing income tax returns and financial planners. Practitioners that are not "significantly" engaged in preparing personal tax returns or financial planning are not subject to these FTC regulations. Generally speaking, as a financial institution, a CPA firm involved in income tax preparation or financial planning must describe its privacy policies and practices with respect to information sharing with both affiliates and nonaffiliated third parties, including a client's right to opt out of disclosures to nonaffiliated third parties that are not otherwise permitted by law. (Affiliate refers to any company that controls, is controlled by, or is under common control with another company.)

The FTC's final rule was adopted on May 24,2000, and became effective on November 13, 2000; however, full compliance with the disclosure and customer opt-out requirements of the act was delayed until July 1, 2001. Privacy notices are not required for business clients because the act is limited to individuals that obtain a financial product or service from a financial institution to be used only for personal, family, or household purposes.

The FTC expects an initial privacy disclosure notice to be delivered to existing clients no later than July 1, 2001. New clients must be given an initial privacy notice no later than the time the person becomes a client. In addition, all clients must receive an annual privacy notice. The FTC rules provide some flexibility on the timing of annual notices. If an initial privacy notice is given to a client during 2001, then the first annual notice to that client must be given by December 31, 2002, and each subsequent annual notice must be given within 12 months. No annual notice is required for an individual who ceased being a client, and a single notice addressed to husband and wife joint clients is satisfactory, unless separate notices are requested.

Although the initial and annual privacy notices are required to be issued to clients, CPA firms that do not share or reserve the right to share a client's nonpublic personal information with nonaffiliated third parties are not required to include opt-out notices. Nor is an opt-out notice required for disclosures that are authorized by law.

CPAs, however, are generally held to a higher standard under applicable codes of professional conduct. ET 301 of both the AICPA and NYSSCPA's Codes of Professional Conduct generally prohibits a CPA from disclosing confidential client information to any party (including affiliates and nonaffiliated third parties) without the client's specific consent for such disclosure. Furthermore, IRC section 7216 prohibits paid tax preparers from disclosing tax return information without the client's consent, other than for the specific purpose of preparing, assisting in preparing, or obtaining and providing services in connection with preparing any income tax return of the taxpayer.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
Loading One moment ...
Project items
Cite this article

Cited article

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited article

New FTC Privacy Disclosure Rules


Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
Full screen

matching results for page

Cited passage

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.

Are you sure you want to delete this highlight?