On July 1, the CFPB issued a proposed rule to amend Regulation P, which implements the Gramm-Leach-Bliley Act (GLBA) and requires, among other things, financial institutions to provide their customers with an annual notice that describes their privacy policies and procedures. The proposed amendment would implement a December 2015 statutory change in Section 75001 of the “Fixing America’s Surface Transportation Act” (FAST Act). Pursuant to the FAST Act, the GLBA was amended so that financial institutions meeting certain criteria no longer need to send annual privacy notices. The CFPB’s recently issued proposed rule would amend Regulation P to implement the GLBA amendment. The CFPB’s proposed rule would further amend Regulation P to (i) provide timing requirements for the delivery of annual privacy notices for a financial institution that may originally qualify for the annual notice exception but then later changes its policies or practices so that it no longer meets the exception criteria; (ii) remove the Regulation P provision that allows financial institutions to post privacy notices online because the CFPB “believes the alternative delivery method will no longer be used in light of the annual notice exception”; and (iii) make a technical correction to one of its definitions.
- How-to guide How-to guide: How to determine and apply relevant US privacy laws to your organization (USA)
- How-to guide How-to guide: How to establish a valid lawful basis for processing personal data under the GDPR (UK)
- Checklist Checklist: Complying with cookie requirements under the PECR and the GDPR (UK)