Effective October 28, 2014, financial institutions can avoid the compliance costs associated with mailing annual privacy notices by posting such notices online if certain conditions are met. The CFPB has amended Regulation P, the regulation that implements the Gramm-Leach-Bliley Act privacy provisions, to provide this relief.

This alternative delivery method is available for annual privacy notices if:

  1. no opt-out rights are triggered by the financial institution’s information sharing practices1;
  2. the information included in the privacy notice has not changed since the last notice; and
  3. the financial institution uses the model form provided in Regulation P as it annual privacy notice.

A financial institution must continuously post the annual privacy notice in a clear and conspicuous manner on a page  of its website without requiring a login or similar steps or agreement to any conditions to access the notice. Also, annual notices must be mailed to customers who request them by telephone within 10 days of the request. Finally, the financial institution must notify customers that the annual privacy notice is available online through a clear and conspicuous statement inserted at least once per year on an account statement, coupon book, or a notice or disclosure the institution issues under other provisions of law.