On May 6, the Consumer Financial Protection Bureau (CFPB) announced a proposed rule that would amend the annual privacy notice requirement under the Gramm-Leach-Bliley Act (GLBA). Under the proposal, financial institutions would be granted the option to deliver the annually-required privacy disclosure electronically, if they meet certain other requirements.
Currently, financial institutions are required to deliver an annual and initial privacy notice under the GLBA as well as certain notices that are required when the financial institution shares personal information with third parties. As of now, financial institutions mail these individual notices to consumers, which is costly and may result in an inundation of information for consumers. The CFPB's proposal would allow financial institutions to discontinue mailing the required annual notice, if they post the notice on their website and if the financial institution's practices meet certain other criteria outlined below.
The proposed rule has not been published in the Federal Register as of May 7, 2014, but will open for comments for 30 days after publication occurs.
Specifically, financial institutions would be permitted to use the electronic posting method so long as the following is true: (1) the financial institution does not share the customer's non-public personal information with non-affiliated third parties in a manner that triggers GLBA opt-out rights; (2) the financial institution does not include on its annual privacy notice an opt-out notice under the Fair Credit Reporting Act (FCRA); (3) the financial institution's annual privacy notice is not the only notice provided that satisfies section 624 of the FCRA; (4) the information included in the privacy notice has not changed since the customer received the previous notice; and (5) the financial institution uses the model notice provided by Regulation P.