The CFPB’s proposal creates an option “so circumscribed that it has very little practical value to consumers or financial service providers,” the groups said. Under the proposal, an institution may forgo mailing the annual privacy notice only if the terms have not changed since the previous notice, if it does not share the customer’s personal information in a way that triggers opt-out rights and if the bank uses the federal agencies’ model privacy notice form.
Banks would be required to post their privacy notices online in a continuously accessible place, offer a toll-free number customers can use to request a mailed copy of the notice and notify customers in other required notices where to find it, that it has not changed, and that it will be promptly mailed upon request. The groups said:
[This] requirement to provide a notice about the notice merely substitutes a new burden for the existing burden. [M]any of our members believe that the risks associated with the proposal make it unlikely it will be useful or used. With some adjustments, however, the bureau’s goals can be achieved.
Read the letter.