As a product of the CFPB’s Streamlining Initiative to reduce unnecessary or unduly burdensome regulations,” the CFPB announced a proposal in May to change the requirements for GLBA notices under certain circumstances.
A quick reminder on what Reg P is:
“Regulation P, implementing provisions of the Gramm-Leach-Bliley Act, requires financial institutions to provide annual privacy notices to customers describing the institution’s information sharing practices and explain how a consumer can opt out of the sharing of their information when applicable.”
The proposed changes would allow “financial institutions” (FI) under the GLBA to use the alternate (electronic) method of delivering annual privacy notices if:
(1) The FI doesn’t share a customer’s nonpublic personal information (NPI) with nonaffiliated third parties that trigger opt-out rights;
(2) The FI does not include on its annual privacy notice an opt-out notice under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act (FCRA)
(3) The FI’s annual privacy notice is not the only notice provided to satisfy the requirements of section 624 of the FCRA;
(4) the information included in the privacy notice has not changed since the customer received the previous notice; and
(5) The FI uses the model form provided in the GLBA’s implementing Regulation P.
But, generally, paper notices would still need to be mailed if there are changes in the FI’s privacy practices OR if the FI engages in information-sharing activities where a consumer has an opt-out right.
As the CFPB suggests, these changes may benefit both industry and consumers alike. It may save financial institutions large sums of money, as generating the notices, paper and snail mail isn’t cheap. The question is whether it will make a significant difference to consumers. Surely I can’t be the only one admits to quickly recycling my notices…
The deadline for comments is July 14, 2014.