Bank of America · Bank of America Privacy Notice · View original document ↗

Types of Personal Information Collected

Medium severity High confidence Explicitdocumentlanguage Rare · 1 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Bank of America Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Bank of America collects and may share highly sensitive financial identifiers including your Social Security number, full transaction history, account balances, credit history, and employment information.

This analysis describes what Bank of America's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The scope of data collected is broad and includes information that, if improperly handled or disclosed, could facilitate identity theft or financial harm.

Clause Stability Stable

0
Changes
3
Months Monitored
May 9, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

Your most sensitive financial identifiers, including your Social Security number and complete transaction history, are within the scope of data that Bank of America collects and shares under the categories described in this notice.

How other platforms handle this

Strava Medium

We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

See all platforms with this clause type →

Monitoring

Bank of America has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and account balances, payment history and transaction history, credit history and employment information.

— Excerpt from Bank of America's Bank of America Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Collection and use of Social Security numbers is regulated under various federal and state frameworks including the Privacy Act (for government contexts), state SSN protection laws, and GLBA's data safeguards rule. The CFPB oversees data collection practices at consumer financial institutions. State laws in California, New York, and other jurisdictions impose specific restrictions on SSN collection, display, and sharing. GOVERNANCE EXPOSURE: Medium. The breadth of data types collected is consistent with large financial services institutions, but the explicit enumeration of SSNs, credit history, and employment information in the shareable data categories creates compliance obligations across multiple regulatory frameworks. Data minimization and purpose limitation principles under state laws may constrain how broadly this data can be used. JURISDICTION FLAGS: California's CCPA and CFIPA impose specific requirements on the collection and use of sensitive personal information including SSNs and financial account information. New York's SHIELD Act requires reasonable data security for private information including SSNs and financial account numbers. Compliance programs should ensure state-specific controls are in place for each data type. CONTRACT AND VENDOR IMPLICATIONS: Any vendor or affiliate receiving data that includes SSNs or financial account information should be subject to data processing agreements that include security, access control, and deletion obligations consistent with applicable state and federal requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a data inventory mapping each collected data type to its authorized sharing categories and applicable legal basis. Particular attention should be given to SSN handling given the heightened regulatory and security obligations associated with this data type across multiple jurisdictions.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • CFPB
    The CFPB oversees data collection and safeguard practices at consumer financial institutions under GLBA and the Consumer Financial Protection Act
    File a complaint →
  • FTC
    The FTC has jurisdiction over unfair or deceptive data collection practices and enforces the GLBA Safeguards Rule for certain financial entities
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FCRA
United States Federal
FTC Act Section 5
United States Federal
GLBA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
TCPA
United States Federal
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Bank of America Privacy Notice
Entity
Bank of America
Document last updated
May 5, 2026
Tracking information
First tracked
April 27, 2026
Last verified
May 9, 2026
Record ID
CA-P-007248
Document ID
CA-D-00054
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
1d4e65e734a0b2e8cc01b0312c42f36950c5e1ea1c03ab56dfa173a8ebefa627
Analysis generated
April 27, 2026 11:40 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Bank of America
Document: Bank of America Privacy Notice
Record ID: CA-P-007248
Captured: 2026-04-27 11:40:46 UTC
SHA-256: 1d4e65e734a0b2e8…
URL: https://conductatlas.com/platform/bank-of-america/bank-of-america-privacy-notice/types-of-personal-information-collected/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Bank of America's Types of Personal Information Collected clause do?

The scope of data collected is broad and includes information that, if improperly handled or disclosed, could facilitate identity theft or financial harm.

How does this clause affect you?

Your most sensitive financial identifiers, including your Social Security number and complete transaction history, are within the scope of data that Bank of America collects and shares under the categories described in this notice.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Bank of America?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bank of America.