CFPB Finalizes Rule to Ease GLBA Privacy Notice Requirements

Michael Epshteyn

22 October 2014

The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information. 

As we previously reported, to be able to rely on the online posting method to satisfy privacy notice requirements under the Gramm-Leach-Bliley Act (GLBA), a financial institution must:

  • Use the federal model privacy form adopted by federal regulators under GLBA;
  • Not engage in information sharing that triggers customer opt-out rights under GLBA (i.e., sharing with unaffiliated third parties outside of certain exceptions) or Section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act (i.e., sharing creditworthiness information with affiliates); and
  • Provide customers with an annual disclosure, which can be included in an account statement, coupon book, or other notice or disclosure, that includes the Web address at which the privacy notice can be found, a telephone number for the customer to request a mailed notice, and a statement that the institution’s privacy notice has not changed.

The rule, which will become effective upon publication in the Federal Register, applies to banks and nonbank financial institutions for which the CFPB has rulemaking authority under GLBA (and thus does not extend to financial entities regulated by the Securities and Exchange Commission, the Commodity Futures Trading Commission, or state-regulated insurance companies).
