Think FAST: CFPB proposes amendment to GLBA Privacy Rule

At the end of 2015, Congress passed the Fixing America's Surface Transportation Act or “FAST Act,” a transportation funding bill. Buried hundreds of pages in, the bill included a short-but-sweet amendment to the Gramm-Leach-Bliley Act (GLBA) titled “Eliminate Privacy Notice Confusion.” As we discussed last year, the amendment eliminated the annual privacy notice requirement for some companies.

The FAST Act became effective immediately upon passage. However, the CFPB's Regulation P (i.e., the implementing regulation of the GLBA Privacy Rule) still reflected the pre-amended version of the law. In other words, the GLBA changed with the FAST Act, but the regulations did not change. This created a confusing inconsistency for financial institutions—comply with the law or comply with the regulations. As we noted in December, “[T]he CFPB (and other federal agencies) will need to amend their respective regulations to include this exception.”

Last week, the CFPB addressed the inconsistency and proposed an amendment to Regulation P implementing the FAST Act changes. As expected, the amendment provides that financial institutions are not required to deliver an annual privacy notice if the financial institution: (i) only shares nonpublic personal information with nonaffiliated third parties under a permitted GLBA exception (i.e., the company does not provide an opt-out right); and (ii) has not changed information sharing practices since the last-delivered notice. The amendment will become effective 30 days after a final rule is published.

In addition to the substantive changes to the GLBA, there are two interesting takeaways. The first is that the CFPB reacted relatively quickly (at least by Washington D.C. standards) to the change in the law. When the FAST Act passed, many in the industry feared we would be left with a long-term or perpetual inconsistency between the GLBA and Regulation P.

The second takeaway is that the CFPB and Congress identified a bad law and fixed it. Several years ago, the CFPB pinpointed the annual privacy notice requirement as unnecessarily burdensome for many companies, especially those that do not share consumer information outside of the GLBA exceptions. In 2014, the CFPB amended the rules allowing some companies to post annual privacy notices online. Now, following the implementation of the FAST Act, the CFPB further eased the regulatory burden (and, interestingly, the proposed rule removes the 2014 changes).

This is a good development for many in the financial services industry.

Register now for your free, tailored, daily legal newsfeed service.

Think FAST: CFPB proposes amendment to GLBA Privacy Rule
Blog Consumer Finance Report

Filed under

Topics

Laws

Organisations

Popular articles from this firm

Fighting Attorney Fee Demands for Dismissals in Florida *

What is the Difference Between Direct Lending and Indirect Lending? *

BACK TO BASICS, Continued—Have We Talked Lately About Record Keeping? *

Recovering Bankruptcy Attorneys Fees and Guide to Filing Notice of Post-Petition Mortgage Fees, Costs, & Expenses *

Back to Basics, Continued—so what is the Total Sale Price disclosure anyway? *

More from Consumer Finance Report

BACK TO BASICS, Continued—Safeguarding Consumer Information, Again

BACK TO BASICS, Continued—Equal Credit Opportunity Again!

BACK TO BASICS, Continued—Revising the Contract When the Servicemember Invokes Protection Under the Servicemembers Civil Relief Act (SCRA)

BACK TO BASICS, Continued—Is a Charge Assessed to the Consumer for Use of a Debit Card a Finance Charge?

Getting Your Stuff in Order

Related practical resources PRO

Related research hubs