On October 20, 2014, the Consumer Financial Protection Bureau (“CFPB”) finalized a new rule that will permit some financial institutions to deliver the annual privacy notice required by the Gramm-Leach-Bliley Act by publishing the notice on its website. The new rule applies only to financial institutions whose information sharing practices are such that the financial institution is not required to provide its customers with notice of their right to opt-out of certain information sharing. The new rule also requires that financial institutions use the model form provided in Regulation P and does not apply where a financial institution makes changes to its annual privacy notice that were not included in a previous notice to a customer.
The new rule also requires that a financial institution that chooses to rely on the online disclosure method must continuously post the annual privacy notice in a clear and conspicuous manner on a page of its website that does not require a login or agreement to any conditions to access. Further, the financial institution must provide consumers with an annual reminder of the availability of the privacy notice. This reminder may be included on a regular consumer communication, such as a monthly billing statement or account statement. The reminder must inform customers that the annual privacy notice is available on the financial institution’s website and that customers may call a phone number provided in the annual reminder to request that the financial institution mail a copy of the annual notice. Where a customer requests a mailed copy of the annual notice, the financial institution must mail the notice within ten days of the request.