The CFPB has issued a proposed amendment to the Gramm-Leach-Bliley Act to conform its regulations on privacy notice requirements to last winter’s legislation that provides banks meeting certain requirements an exemption from sending an annual privacy notice. To do so, the bureau is withdrawing its 2014 rulemaking providing an alternative delivery method for the notices.
Under GLBA, banks are generally required to send annual notices to customers detailing whether and how their nonpublic personal information is shared, and provide a way for customers to opt-out of having their information shared with unaffiliated third parties. In December, Congress passed a law ending the requirement to mail an annual notice, provided that they have not changed their policies and practices on the disclosure of nonpublic information since the previous notice was sent, and that they do not share non-public personal information with third parties, unless required by law.
In addition to implementing the change, the CFPB’s proposed amendment establishes deadlines for institutions resuming annual privacy notices if they cease to qualify for the exemption.
View the proposed amendment.