TN 1 (09-91)

GN 03360.050 Right to Financial Privacy

A. Policy

1. Scope

The Right to Financial Privacy Act (RFPA) of 1978, governs SSA's obtaining financial records or information about a customer of a financial institution. Financial institutions are:

  • banks,

  • savings and loan associations,

  • building and loan associations,

  • credit unions,

  • consumer finance institutions,

  • industrial loan companies, and

  • credit card issuers.

These financial institutions can be located in any State of the U.S., the District of Columbia, Puerto Rico, Guam, American Samoa or the Virgin Islands.

2. Requesting Information

All requests for information from financial institutions must be made with the full authorization of the individual, as required by the law. See section B below for the procedure for obtaining authorization.

A general authorization (Form SSA-8510) is not sufficient in this situation. The appropriate document to obtain consent from the individual about financial business is Form SSA-4641-U2. It specifies the financial information which SSA may request. See GN 03360.999, Exhibit 7 (Authorization for the Social Security Administration to Obtain Account Records From a Financial Institution).

3. Redisclosure

RFPA restricts SSA's redisclosure of financial information.

a. Requests from Federal agencies

  • Generally, information may be redisclosed to another Federal agency or department only if SSA can certify in writing that there is reason to believe that the information is relevant to a legitimate law enforcement inquiry within the jurisdiction of the agency or department. (There are a few exceptions to this rule.) Also, redisclosure must be permitted by other policies governing disclosure for law enforcement purposes.

  • Any questions about whether a requester is, or represents, a Government authority are to be referred to OP, OR. That office will either explain the basis for withholding or certify the records to the requester and send a copy of the certification with a statement of rights to the affected individual.

OP, OR also resolves questions about the propriety of releasing information about a customer obtained from a financial institution.

b. Other Requests

Requests for financial information from other sources should be treated as FOIA requests. However, such requests will normally be denied under Exemption 6 of the FOIA (Invasion of Privacy).

B. References

1. Use of SSA-4641

A financial institution will not release records or information to SSA without Form SSA-4641-U2 (Authorization for the Social Security Administration to Obtain Account Records from a Financial Institution). See SI 01140.200B.5. for instructions on completing this form.

2. SSA's Reporting Requirements

SSA's reporting requirements under the RFPA are explained in the AIMS Guide, General Administration, Chapter 14.07.09.