« FIS Busy SunGard - Need for Vendor Simplicity? | Main | Bankruptcy and Vendor Performance »

What is NPI? Non-Public Personal Information. YES! But what is it... 

Below is what I found on the FTC web site regarding GLBA and defining what is and is not NPI... 

NPI is:

  • any information an individual gives you to get a financial product or service (for example, name, address, income, Social Security number, or other information on an application);
  • any information you get about an individual from a transaction involving your financial product(s) or service(s) (for example, the fact that an individual is your consumer or customer, account numbers, payment history, loan or deposit balances, and credit or debit card purchases); or
  • any information you get about an individual in connection with providing a financial product or service (for example, information from court records or from a consumer report).

NPI does not include information that you have a reasonable basis to believe is lawfully made "publicly available." In other words, information is not NPI when you have taken steps to determine:

  • that the information is generally made lawfully available to the public; and
  • that the individual can direct that it not be made public and has not done so.

For example, while telephone numbers are listed in a public telephone directory, an individual can elect to have an unlisted number. In that case, her phone number would not be "publicly available."

Publicly Available Information Includes:
  • federal, state, or local government records made available to the public, such as the fact that an individual has a mortgage with a particular financial institution.
  • information that is in widely distributed media like telephone books, newspapers, and websites that are available to the general public on an unrestricted basis, even if the site requires a password or fee for access.

Information in a list form may be NPI, depending on how the list is derived. For example, a list is not NPI if it is drawn entirely from publicly available information, such as a list of a lender's mortgage customers in a jurisdiction that requires that information to be publicly recorded. Also, it is not NPI if the list is taken from information that isn't related to your financial activities, for example, a list of individuals who respond to a newspaper ad promoting a non-financial product you sell.

But a list derived even partially from NPI is still considered NPI. For example, a creditor's list of its borrowers' names and phone numbers is NPI even if the creditor has a reasonable basis to believe that those phone numbers are publicly available, because the existence of the customer relationships between the borrowers and the creditor is NPI.

Putting It All Together:

Examples of Nonpublic Personal Information (in list form)

  • list of a retailer's credit card customers
  • list of a payday lender's customers
  • list of auto loan customers merged with list of car magazine subscribers

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>