This law regulates financial institutions' use of client information. The client entering into a binding accord with a financial institution must be informed of the purpose of providing his financial information to said entity.
Disclosure authorizations given by clients must be certified in a written document. Authorizations may be revoked at any given moment. If it is found that there is no legal basis for an entity to hold a particular piece of information, this should be deleted immediately after the regulator's warning. Only those financial entity officers involved in the transaction of credit services may access clients' personal information. Breach of these guidelines may result in civil court procedures, where penalties will be determined by a judge on a case by case basis.