Bank’s Public Disclosure of Customer Data Didn’t Violate Right to Financial Privacy Act
The Right to Financial Privacy Act prohibits banks from “provid[ing] to any Government authority access to . . . or the information contained in” customer financial records, except under certain specified conditions, and grants a private right of action to customers to enforce the prohibition. Last week, in Brackfield & Assocs. P’ship, et al. v. Branch Banking & Tr. Co., the Sixth Circuit rejected a customer’s attempt to sue its bank under the RFPA where the bank had accidentally made the customer’s records public.
The plaintiff argued that the bank’s accidental inclusion of its records in a public filing made them available to the government (among others) and thereby violated the RFPA. In an unpublished—and therefore technically non-binding—opinion, the Sixth Circuit rejected this “imaginative statutory argument,” holding that general public disclosure did not constitute “provid[ing]” records to the government and that, in the context of the entire statute, the phrase “access to” was limited to situations where government authorities were actually attempting to obtain customer records. Therefore, the court concluded that plaintiff was not injured-in-fact under the statute and affirmed dismissal.
Notwithstanding the Sixth Circuit’s narrow interpretation of the RFPA in this case, institutions should continue to guard carefully against accidental leaks of customer information to avoid RFPA and other potential liability.