The Right to Privacy Act, Financial Institutions and Records

The Right to Financial Privacy Act or the RFPA for short is a federal privacy law that was passed by the U.S. government in 1978 and went into effect in March of 1979. Much like the Privacy Act of 1974 and the 2014 FISMA Law, the RFPA established the specific regulations and procedures that U.S. federal government agents and employees must follow when looking to obtain personal information from a financial institution in relation to a consumer’s financial documents or records. Moreover, the RFPA also outlines the regulations that financial institutions must abide by when providing the financial information of consumers to federal government authorities at their request. Furthermore, the RFPA also mandates the types of information that must be provided to consumers in instances in which the federal government seeks to access their financial information.

Why was the Right to Privacy Act needed?

Before the passing of the RFPA in 1978, American citizens were not entitled to be notified when their financial information or records were turned over to government authorities, and had no right to challenge such government access when it occurred. However, this all changed with the landmark case United States v. Miller (425 U.S. 435 (1976). The case of United States v. Miller hinged upon the federal government’s use of financial information and records in the context of criminal investigations, without providing notice to American citizens in relation to the access to these records. More specifically, Mitch Miller of Georgia was being investigated by the Alcohol, Tobacco, and Firearms Bureau or ATF, as well as the U.S. Treasury Department in relation to an undocumented whiskey distillery that he had been alleged running.

During the course of the ATF and U.S. Treasury Department’s joint investigation, the federal agencies requested access to Miller’s bank account information and transaction history on the basis of a grand jury subpoena. Miller challenged the legality of such a request, and the case made it all the way to the U.S. Supreme Court, with the Court ultimately ruling that “the records belong to the institution rather than the customer; therefore, the customer has no protectable legal interest in the bank’s records and cannot limit government access to those records”. As a result of this legal situation and decision, the RFPA was passed to regulate similar situations that might occur in the future.

What are the requirements that federal agencies must follow when accessing a consumer’s financial records?

Under the RFPA, federal agencies looking to access to copies of a consumer financial records from a financial institution must achieve one of the following conditions:

• Obtain an authorization, signed and dated by the customer, that identifies the records, the reasons the records are being requested, and the customer’s rights under the act.
• Obtain an administrative summons or subpoena.
• Obtain a search warrant.
• Obtain a judicial subpoena.
• Obtain a formal written request from another government agency. This condition is only deemed valid if no other administrative summons or subpoena authority is available at the time of the request.

What’s more, a financial institution is prohibited from releasing a consumer’s financial information or records until the applicable government agency said information or records provide written certification confirming that they have complied with the relevant provisions of the RFPA. Additionally, financial institutions must also maintain detailed records of all instances in which a consumer’s financial information or records have been disclosed to a particular government agency in accordance with the consent and authorization of the said consumer. These records must include “the date, the name of the government authority, and an identification of the records disclosed”. Consumers are also afforded the right to inspect these records under the provisions of the RFPA.

While the RFPA generally protects the financial information and records of American citizens in the context of government access or disclosure, there are certain exceptions to the law. For example, instances in which a consumer’s financial information is “Requested by a government authority subject to a lawsuit involving the bank customer (The records may be obtained under the Federal Rules of Civil and Criminal Procedure. Conversely, another exception to the law in instances in which financial records are “Requested by the Government Accountability Office for an authorized proceeding, investigation, examination, or audit directed at a federal agency”.

What are the penalties for non-compliance under the RFPA?

Under the RFPA, American citizens are entitled to collect civil liabilities from government agencies that fail to comply with the law. “These penalties include (1) actual damages, (2) $100, regardless of the volume of records involved, (3) court costs and reasonable attorney’s fees, and (4) such punitive damages as the court may allow for willful or intentional violations”. Alternatively, “. A financial institution that relies in good faith on a federal agency’s certification may not be held liable to a customer for the disclosure of financial records”. Under the RFPA, consumers are entitled to bring legal action against applicable parties up to three years after the date of the violation, or the date on which the violation in question was discovered.

The passing of the RFPA in 1978 was a turning point in American history as it pertains to both legalities as well as personal privacy. Prior to the passing of the RFPA, government agencies had the authority and jurisdiction to access the financial records of American citizens at their own discretion. While such power and authority were deemed acceptable at previous points in U.S. history, a government agency having such power in our current digital age would undoubtedly be troublesome to many. To this end, American citizens can rest assured that the federal government will not be able to access their financial records and information without first providing consent, or in the absence of a justifiable reason under the law.