Non-Public Personal Information under Regulation P

D

Under Regulation P, financial institutions are required to protect the privacy of their customers' personal information. "Nonpublic personal information" (NPI) refers to any personally identifiable financial information that is not publicly available. This includes information such as a customer's Social Security number, account numbers, credit scores, income, and payment history.

Of the options given, option B and D are correct. Option B states that any list or grouping of consumers that is derived using personally identifiable financial information that is not publicly available is considered nonpublic personal information. This means that if a financial institution creates a list of customers who have a particular type of account or who meet certain criteria, this information is considered NPI and must be protected under Regulation P.

Option D is also correct, as it includes both option B and option C. While government records may contain some personally identifiable financial information, they are generally considered public records and are not subject to Regulation P.

It's important for financial institutions to properly identify and safeguard NPI, as failure to do so can result in significant legal and financial consequences. Financial institutions must provide customers with notices explaining their privacy policies and practices, and customers have the right to opt out of certain types of sharing of their NPI.