As reported here, recent amendments to the annual privacy notice requirement under the Gramm-Leach-Bliley Act (the “GLBA”) contained in the Fixing America’s Surface Transportation (“FAST”) Act eliminated the requirement for financial institutions to provide annual privacy notices under GLBA under certain circumstances. At its spring meeting held April 4, the NAIC Privacy Disclosure (D) Working Group adopted a draft bulletin [available here] and draft amendments to the Model Privacy of Consumer Financial and Health Information Regulation [available here] intended to implement the FAST Act changes to the requirement to provide annual privacy notices.
The GLBA does not preempt state laws that provide greater protection of consumer privacy rights. Therefore, the FAST Act amendment to the GLBA requirement for annual privacy notices presumably did not override state insurance requirements for annual privacy notices, which had been implemented to comply with the requirements of the GLBA as originally enacted, and are now more protective than the GLBA requirements as amended by the FAST Act. The NAIC’s promulgation of the new model bulletin and regulation is a first step in the process to eliminate the burden and cost of annual notices for the insurance industry under certain circumstances.
We will continue to track developments, including the issuance of bulletins and the adoption of regulations reflective of these new models, for the implementation of the FAST Act relief from the annual privacy notice requirement.