Generally, the Gramm-Leach-Bliley Act (GLBA) requires that financial institutions send annual privacy notices to customers. However the new rule, which was proposed in May, allows financial institutions to post privacy notices online instead of distributing an annual paper copy, if they satisfy certain conditions such as not sharing data in ways that would trigger consumers’ opt-out rights. The new rule applies to both banks and those non-banks that are within the CFPB’s jurisdiction under the GLBA. Institutions that choose to rely on this new method of delivering privacy notices will be required to use the model disclosure form developed by federal regulatory agencies in 2009.
Also, if an institution qualifies for and wants to rely on the online disclosure method, it will have to inform consumers annually about the availability of the disclosures. Previously, institutions were required to send consumers a separate communication about privacy disclosures. The new rule allows institutions to include a notice on a regular consumer communication, such as a monthly billing statement for a credit card, letting consumers know that the annual privacy notice is available online and in paper by request at a provided telephone number. If an institution chooses not to use the new disclosure method, it will need to continue to deliver annual privacy notices to its customers using other delivery methods.
The Bureau is finalizing the rule largely as it was proposed in May, with a number of technical, clarifying, and minor revisions. The rule will be effective immediately upon publication in the Federal Register.
To stay up to date on regulatory trends and news, frequently visit our blog. TRC Interactive also offers online, interactive training on various compliance related topics. To learn more, contact us at firstname.lastname@example.org or (800) 222-9909.
The final rule is available at: http://files.consumerfinance.gov/f/201410_cfpb_final-rule_annual-privacy-notice.pdf.