Bank of America Privacy Notice

This document is Bank of America's US Consumer Privacy Notice, governed primarily by the federal Gramm-Leach-Bliley Act (GLBA), which requires financial institutions to explain their information-sharing practices and provide consumers with opt-out rights for certain categories of sharing. The notice states that Bank of America collects personal information including Social Security numbers, account balances, transaction history, credit history, income, and employment data, and the terms authorize sharing this information with affiliates for everyday business purposes, marketing, and joint marketing with financial companies, as well as with nonaffiliates under certain conditions. The notice permits sharing with affiliates for everyday business purposes and joint marketing without offering an opt-out, while reserving opt-out rights only for affiliate marketing use and sharing with nonaffiliated third parties for their marketing purposes; notably, the policy asserts that sharing for everyday business purposes with both affiliates and nonaffiliates cannot be limited by consumers, which is consistent with GLBA baseline requirements but means consumers have limited control over broad categories of data sharing. The document engages the GLBA and its implementing Regulation P, administered by the CFPB for consumer financial products, and California residents may have additional rights under the California Consumer Privacy Act (CCPA) and the California Financial Information Privacy Act (CFIPA), though the document's primary legal framework is federal GLBA compliance. Material compliance considerations include ensuring that opt-out mechanisms are operationally functional and clearly communicated, that joint marketing partner agreements meet GLBA standards, and that California-specific supplemental disclosures are maintained separately and consistently with state law requirements.