Summary: Proposed Rule
Consumer Financial Protection Bureau
Amendment to the Annual Privacy Notice Requirement under Gramm-Leach-Bliley
Prepared by NASCUS Legislative and Regulatory Affairs Department
The Consumer Financial Protection Bureau (CFPB) is proposing to amend Regulation P, which requires, among other things, that financial institutions provide an annual notice describing their privacy policies and practices to their customers. The proposal would implement a December 2015 statutory amendment to the Gramm-Leach-Bliley Act (GLBA) providing an exception to this annual notice requirement for financial institutions that meet certain conditions.
The complete proposed rule may be found here.
Comments must be received by the CFPB within 30 days of the proposal’s publication in the Federal Register.
Exception to Annual Privacy Notice Requirement
Proposed Section 1016.5(e)(1) of Regulation P (which implements new Section 503 of GLBA) would provide an exception from the annual privacy notice requirement for financial institutions that meet certain conditions.
- 1016.5(e)(1)(i) notes that in order for a financial institution to qualify for the Section 503 exception to annual privacy notice requirements, the financial institution must not share nonpublic personal information about customers except as otherwise provided.
- 1016.5(e)(1)(ii) states that in order for a financial institution to qualify for the Section 503 exception to annual privacy notice requirements, the financial institution must not have changed its policies and practices with regard to disclosing nonpublic personal information from those that the institution disclosed in the most recent privacy notice sent.
Alternative Delivery Method for Providing Certain Annual Notices
Currently, Regulation P provides for an “alternative delivery method” that allows financial institutions that meet certain conditions to provide an annual privacy notice to customers electronically instead of by U.S. Postal mail.
The Bureau has proposed to eliminate the alternative delivery method option because financial institutions that satisfy the requirements for the alternative delivery method would also satisfy the requirements for the annual privacy notice exception. The Bureau believes that in those instances, a financial institution will opt to take advantage of the exception from the notice requirement.