Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': 'The CFPB enforces GLBA privacy rules (12 CFR Part 1016) for banks and oversees permissible data sharing practices under the everyday business purposes exception.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}

What is the severity of this clause?

ConductAtlas classifies this Everyday Business Purposes Sharing — No Opt-Out clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Everyday Business Purposes Sharing — No Opt-Out — Bank of America

Share 𝕏 Share in Share 🔒 PDF

What it is

Bank of America shares your personal financial data for what it defines as 'everyday business purposes' — including with credit bureaus and in response to legal investigations — and you have no right to stop this sharing.

Consumer impact (what this means for users)

Your account data, transaction history, and credit information will be shared with credit bureaus, legal authorities, and other third parties for business operations regardless of your preferences — this sharing cannot be limited.

Cross-platform context

See how other platforms handle Everyday Business Purposes Sharing — No Opt-Out and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This clause covers a broad and loosely defined category of sharing that consumers cannot opt out of, meaning significant third-party disclosure of your financial data occurs without your ability to object.

View original clause language

For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus — we share your personal information. You cannot limit this sharing.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision is anchored in GLBA 15 U.S.C. §6802(e), which carves out exceptions to opt-out rights for disclosures necessary to effect transactions requested by consumers, comply with legal process, and report to consumer reporting agencies. The CFPB (12 CFR Part 1016) and OCC (12 CFR Part 40) govern GLBA compliance for national banks. Disclosures to consumer reporting agencies additionally implicate the Fair Credit Reporting Act (FCRA) 15 U.S.C. §1681 et seq.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

CFPB

The CFPB enforces GLBA privacy rules (12 CFR Part 1016) for banks and oversees permissible data sharing practices under the everyday business purposes exception.
File a complaint →

Provision details

Document information

Document

Bank of America Privacy Notice

Entity

Bank of America

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003315

Document ID

CA-D-00054

Evidence Provenance

Source URL

https://www.bankofamerica.com/privacy/consumer-privacy-notice.go

Wayback Machine

View archived versions →

SHA-256

1d4e65e734a0b2e8cc01b0312c42f36950c5e1ea1c03ab56dfa173a8ebefa627

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Bank of America | Document: Bank of America Privacy Notice | Record: CA-P-003315
Captured: 2026-04-27 11:40:46 UTC | SHA-256: 1d4e65e734a0b2e8…
URL: https://conductatlas.com/platform/bank-of-america/bank-of-america-privacy-notice/everyday-business-purposes-sharing-no-opt-out/
Accessed: May 2, 2026

Classification

Severity

Medium

Everyday Business Purposes Sharing — No Opt-Out