Amendment to the Annual Privacy Notice Requirement Under the Gramm-Leach-Bliley Act (GLBA) (Regulation P)

Summary

 

· The Consumer Financial Protection Bureau (CFPB) is proposing to amend Regulation P to provide an alternative delivery method for the annual privacy notice, which credit unions would be able to use under certain circumstances.

· Credit unions that do not engage in certain types of information-sharing activities would be allowed to stop mailing an annual privacy notice if they post the annual notice on their website and meet the following conditions:

     o The credit union does not share the consumer’s nonpublic personal information with non-affiliated third parties in a manner that triggers GLBA opt-out rights;

     o The credit union does not include an opt-out notice under the Fair Credit Reporting Act’s (FCRA) Affiliate Sharing Rule on its annual privacy notice;

     o The credit union’s annual privacy notice is not the only notice provided to satisfy the requirements of the FCRA Affiliate Marketing Rule;

     o The information included in the annual privacy notice has not changed since the member received the previous notice; and

     o The credit union uses the model privacy notice disclosure form contained in Regulation P.

· A credit union would still be required to use the currently required mailing method for delivery of the privacy notice if the credit union has changed its privacy practices or engages in information-sharing activities for which members have a right to opt out.

· To use the proposed alternative delivery method, credit unions would have to insert a clear and conspicuous statement at least once per year on a notice or disclosure the credit union issues under any other provision of law announcing that: the annual privacy notice is available on the credit union’s website; it will be mailed to customers who request it by calling a toll-free telephone number; and it has not changed.

· Credit unions would also be required to continuously post the annual privacy notice in a clear and conspicuous manner on a page of its website, without requiring a login or similar steps to access the notice.

· To assist members with limited or no access to the internet, credit unions would have to mail annual privacy notices promptly to members who request them by phone.

Comments are due to the CFPB on July 14, 2014. All comments may be filed directly with www.regulations.gov, identified by docket number CFPB-2014-0010. Comments may also be mailed or hand delivered to Monica Jackson, Office of the Executive Secretary, Consumer Financial Protection Bureau, 1700 G. Street, NW, Washington, D.C. 20552. Please submit comments to CUNA by July 3, 2014.

For more information about this proposed rule, contact CUNA Deputy General Counsel Mary Dunn or Associate General Counsel Lance Noggle.

Click here for the proposal.