Federal Regulators Release Customizable Version of Model Privacy Notice

The GLBA statute and the privacy rules issued thereunder by the above agencies impose obligations on “financial institutions” with regard to “nonpublic personal information.” Institutions subject to GLBA are required to provide initial and annual notices regarding their privacy policies to customers, and must allow their customers to opt out of having their nonpublic personal information shared in certain ways. Financial institutions are also required to provide the notice and opt-out opportunity to “consumers” who are not their customers before sharing their nonpublic personal information.

The customizable form, called the Online Form Builder, was issued jointly by the Board of Governors of the Federal Reserve System (FRB), Commodity Futures Trading Commission (CFTC), Federal Deposit Insurance Corporation (FDIC), Federal Trade Commission (FTC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS), and Securities and Exchange Commission (SEC). The agencies had first issued the Model Privacy Notice regulation on November 17, 2009, culminating a rulemaking process initiated more than six years earlier.  However, until April 15, no fillable PDF or other customizable version of the Model Privacy Notice was available. The Online Form Builder was developed by the FRB and is available on the FRB’s website.

The Online Form Builder allows a user to choose the version of the Model Privacy Notice that fits its particular information collection and sharing practices. To obtain the safe harbor, institutions must follow the instructions in the Model Privacy Notice regulation when using the Online Form Builder.

Authored by Elizabeth Khalil.