What section of GLBA requires the opt-out notice?

The opt-out notice requirement under the Gramm–Leach–Bliley Act (GLBA) comes from the Privacy Rule, specifically the statutory section 15 U.S.C. § 6802(b), and is implemented in the federal regulations at 12 C.F.R. § 1016.10 (formerly 12 C.F.R. § 216.10 for banking agencies).
Core legal hook
- The statutory GLBA provision that establishes the consumer’s right to opt out of certain sharing of nonpublic personal information with nonaffiliated third parties is 15 U.S.C. § 6802(b). This is the section that effectively requires an opt-out mechanism and thus drives the opt-out notice requirement.
- That statute is implemented through the Privacy of Consumer Financial Information regulations, where the detailed opt‑out notice requirements are laid out in 12 C.F.R. § 1016.7 (privacy notice content) and 12 C.F.R. § 1016.10 (opt out), including form, timing, and methods for opting out.
Where the “opt‑out notice” lives in the regs
- Under the CFPB’s Regulation P, Subpart A – Privacy and Opt Out Notices, the rules describe:
  - When a privacy notice (including opt-out information) must be given.
  - When a separate opt‑out notice is required and what it must contain.
- 12 C.F.R. § 1016.10(a) ties the obligation directly to the GLBA opt‑out right: if a financial institution shares nonpublic personal information with certain nonaffiliated third parties, it must first provide a clear and conspicuous notice describing the right to opt out and a reasonable means to exercise it.
Plain‑language “quick scoop”
- Statute: 15 U.S.C. § 6802(b) = the GLBA section that says consumers must be allowed to opt out of certain information sharing with nonaffiliated third parties.
- Regulations: 12 C.F.R. § 1016.10 (with related content in § 1016.7) = the detailed rules that say how and when to give the opt‑out notice, and what “reasonable means/opportunity” looks like.
- In practice, compliance teams often cite both:
  - “GLBA § 502(b), 15 U.S.C. § 6802(b)” for the legal right.
  - “Regulation P, 12 C.F.R. § 1016.10” for the operational opt‑out notice requirements.
If you need to quote it in a policy
Most policies use a formulation like the following (adapt it to your institution):
“This program implements the opt‑out notice requirements of GLBA § 502(b), 15 U.S.C. § 6802(b), and the Privacy Rule at 12 C.F.R. § 1016.10, governing consumers’ right to opt out of certain disclosures of nonpublic personal information to nonaffiliated third parties.”
TL;DR: The section of GLBA that requires the opt‑out notice is 15 U.S.C. § 6802(b), implemented by the opt‑out provisions in 12 C.F.R. § 1016.10 under the GLBA Privacy Rule.