Bank of America collects and may share highly sensitive financial identifiers including your Social Security number, full transaction history, account balances, credit history, and employment information.
This analysis describes what Bank of America's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause operationalizes the bank's data collection framework by establishing that the scope of information collection is product-dependent rather than uniform across all customers, thereby defining the informational inputs available to the institution for account management and regulatory compliance purposes.
Your most sensitive financial identifiers, including your Social Security number and complete transaction history, are within the scope of data that Bank of America collects and shares under the categories described in this notice.
Cross-platform context
See how other platforms handle Types of Personal Information Collected and similar clauses.
Compare across platforms →Monitoring
Bank of America has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and account balances, payment history and transaction history, credit history and employment information.— Excerpt from Bank of America's Bank of America Privacy Notice
REGULATORY LANDSCAPE: Collection and use of Social Security numbers is regulated under various federal and state frameworks including the Privacy Act (for government contexts), state SSN protection laws, and GLBA's data safeguards rule. The CFPB oversees data collection practices at consumer financial institutions. State laws in California, New York, and other jurisdictions impose specific restrictions on SSN collection, display, and sharing. GOVERNANCE EXPOSURE: Medium. The breadth of data types collected is consistent with large financial services institutions, but the explicit enumeration of SSNs, credit history, and employment information in the shareable data categories creates compliance obligations across multiple regulatory frameworks. Data minimization and purpose limitation principles under state laws may constrain how broadly this data can be used. JURISDICTION FLAGS: California's CCPA and CFIPA impose specific requirements on the collection and use of sensitive personal information including SSNs and financial account information. New York's SHIELD Act requires reasonable data security for private information including SSNs and financial account numbers. Compliance programs should ensure state-specific controls are in place for each data type. CONTRACT AND VENDOR IMPLICATIONS: Any vendor or affiliate receiving data that includes SSNs or financial account information should be subject to data processing agreements that include security, access control, and deletion obligations consistent with applicable state and federal requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a data inventory mapping each collected data type to its authorized sharing categories and applicable legal basis. Particular attention should be given to SSN handling given the heightened regulatory and security obligations associated with this data type across multiple jurisdictions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause operationalizes the bank's data collection framework by establishing that the scope of information collection is product-dependent rather than uniform across all customers, thereby defining the informational inputs available to the institution for account management and regulatory compliance purposes.
Your most sensitive financial identifiers, including your Social Security number and complete transaction history, are within the scope of data that Bank of America collects and shares under the categories described in this notice.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bank of America.