Many readers questioned me about the Wall Street Journal article this week entitled, “Facebook to Banks: Give Us Your Data, We’ll Give you Our Users.”

The questions and comments ranged from “Can they really do this?” to “This is outrageous!”

Without getting into a legal analysis, there are laws that banks have to follow when disclosing our personal information to third parties. The most well-known law applicable to banks is the Gramm-Leach-Bliley Act (GLBA). If you want to know more about GLBA, google it.

In response to the many comments and questions I received, the Privacy Tip this week centers on how one can limit banks from sharing personal information with third parties. In general, consumers do not have the ability to limit banks from sharing our personal information with other banks, credit card companies and their affiliates, and other third party companies providing products and services to banks. This basically means that banks can data dump all of their customers’ information with affiliated credit card companies, loan servicing operations, third parties offering mortgages, etc., etc.

Any entity that provides credit to you, including banks and credit card companies, is required by GLBA to send a Notice of Privacy Practices to its customers once a year. When you receive the notice in the mail, turn to the last page, which will have a chart on it that outlines the choices consumers have to limit the sharing of their data under GLBA. There is only one area where we can limit data sharing—that is between the bank and a third party not affiliated with it, but that may offer products and services to the consumer. This is typical marketing.

In order to limit banks from disclosing our data to unaffiliated third parties, we have to opt-out of data sharing. Many people don’t realize that our data is automatically shared by banks and other credit companies unless specifically told not to share it.

If you want to limit banks and other credit companies from sharing your data with unaffiliated third parties which is the only choice you have for limiting the disclosure, when you receive the Notice of Privacy Practices once a year, turn to the back page, call the 1-800 number listed in the notice, and choose “yes” when asked if you want to limit the sharing of your personal information.