You can limit certain sharing of your financial data by phone, online, or mail, but Bank of America may share your data for 30 days before your opt-out takes effect if you are a new customer, and sharing may continue after you close your account.
This analysis describes what Bank of America's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision operationalizes the opt-out mechanism by designating specific contact methods and establishing procedural timelines for when opt-out requests become effective. This structures how customers exercise control over information sharing practices and clarifies the temporal window during which the bank continues standard sharing practices regardless of customer status.
If you are a new customer, your information may be shared for up to 30 days before any opt-out you submit takes effect, and even after you close your Bank of America account, certain sharing may continue under the terms of this notice.
How other platforms handle this
Request to opt out of the processing of your personal data for tailored advertising. For more information about our processing for these purposes, see the section 'Tailored advertising controls' below. You can exercise your right to opt out through the 'Tailored Ads' setting. If you do not have an a...
You have the right to opt out of the sale or sharing of your personal information. To exercise this right, you can click the 'Do Not Sell or Share My Personal Information' link available on our website, or submit a request through our privacy rights portal. We will process your opt-out request withi...
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data, the right to restrict or object to processing, and where processing is based on consent, the right to withdraw consent at any time. California resi...
Monitoring
Bank of America has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"To limit our sharing: Call us at 1-888-341-5000 — our menu will prompt you through your choices. Visit us online: bankofamerica.com/privacy. Mail the form below. If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice.— Excerpt from Bank of America's Bank of America Privacy Notice
REGULATORY LANDSCAPE: Regulation P (12 CFR Part 1016) permits financial institutions to begin sharing new customer information after 30 days from notice delivery if the customer does not opt out, which is the framework reflected in this provision. The CFPB enforces these timing requirements. Post-relationship sharing is also addressed in Regulation P, which generally permits continued sharing of information obtained during the customer relationship. GOVERNANCE EXPOSURE: Medium. The 30-day delay and post-closure sharing provisions are standard GLBA-compliant terms, but they create a practical window during which consumer data may flow before opt-out protections activate. Operationally, the bank must ensure opt-out elections submitted during the 30-day window are honored before sharing begins where feasible. JURISDICTION FLAGS: California residents may have rights under CCPA to request deletion of personal information, which could interact with the post-closure sharing provision described here. Legal teams should evaluate whether CCPA deletion requests can effectively halt post-relationship data flows and how the bank's processes handle this intersection. CONTRACT AND VENDOR IMPLICATIONS: Contracts with third-party marketers and affiliates should address data use and deletion obligations that align with opt-out elections and post-relationship data retention limits. Vendor agreements should be reviewed to confirm that opt-out signals are communicated and honored downstream. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the operational workflow for opt-out processing to confirm that elections are honored within regulatory timeframes, that new customer notices are delivered as required, and that post-closure data flows are limited to the purposes disclosed in this notice. The online opt-out mechanism at bankofamerica.com/privacy should be tested periodically for functionality.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision operationalizes the opt-out mechanism by designating specific contact methods and establishing procedural timelines for when opt-out requests become effective. This structures how customers exercise control over information sharing practices and clarifies the temporal window during which the bank continues standard sharing practices regardless of customer status.
If you are a new customer, your information may be shared for up to 30 days before any opt-out you submit takes effect, and even after you close your Bank of America account, certain sharing may continue under the terms of this notice.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bank of America.