This is Bank of America's official privacy notice explaining what personal financial data they collect — including your account balances, transaction history, credit scores, and income — and who they share it with. The most important thing to know is that Bank of America shares your financial data with both its affiliated companies and nonaffiliated third-party marketing partners, and you can opt out of some — but not all — of this sharing. To limit sharing with nonaffiliated third parties for marketing purposes, you can call 1-888-341-5000 or visit your account settings online.
This document is Bank of America's US Consumer Privacy Notice, governing the collection, use, and sharing of personal financial information under the Gramm-Leach-Bliley Act (GLBA) and applicable state privacy laws, including the California Consumer Privacy Act (CCPA). The notice discloses that Bank of America collects categories of personal information including account balances, transaction history, credit history, and income data, and shares this information with affiliates and certain nonaffiliated third parties for joint marketing and everyday business purposes. Notably, the document provides consumers with limited opt-out rights for certain sharing practices — specifically sharing with nonaffiliated third parties for marketing and sharing among affiliates for marketing — but explicitly states that consumers cannot opt out of sharing necessary for everyday business purposes, which encompasses a broad range of third-party disclosures. The notice engages the GLBA Privacy Rule (16 CFR Part 313), CCPA (Cal. Civ. Code §1798.100 et seq.), and federal financial privacy regulations enforced by the CFPB and OCC; California residents receive enhanced rights including the right to know, delete, and opt out of sale of personal information. Material compliance considerations include ensuring opt-out mechanisms are operational and accessible, that joint marketing agreements with nonaffiliated partners are documented under GLBA, and that CCPA-required response timelines (45 days) are met for verified consumer requests.
🔒 Institutional analysis locked
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Upgrade to Professional — $149/moCross-platform context
See how other platforms handle Categories of Personal Information Collected and similar clauses.
Compare across platforms →Bank of America added a mandatory arbitration clause to its Deposit Agreement. Here's what it means, how to opt out, and the deadline.