Bureau of Consumer Financial Protection updates Regulation P to implement legislation amending Gramm-Leach-Bliley Act
Changes will ease burden on financial institutions and reduce risk of consumer confusion
The Bureau of Consumer Financial Protection (Bureau) today finalized amendments to implement legislation that allows financial institutions that meet certain requirements to be exempt from sending annual privacy notices to their customers.
The Gramm-Leach-Bliley Act (GLBA) generally requires that financial institutions send annual privacy notices to customers. These notices must describe the privacy practices of financial institutions, including whether and how they share customers’ nonpublic personal information. If the institution shares this information with unaffiliated third parties in ways other than specified by the GLBA, the institution typically must notify customers of their right to opt out of having their information shared and inform them how to do so.
In December 2015, Congress amended the GLBA as part of the Fixing America’s Surface Transportation Act (FAST Act). This amendment to the GLBA provides financial institutions that meet certain conditions an exemption to the requirement under the GLBA to deliver an annual privacy notice. A financial institution can use the annual notice exception if it limits its sharing of customer information so that the customer does not have the right to opt out, and has not changed its privacy notice from the one previously delivered to its customer. The rule issued by the Bureau today implements this legislation and establishes deadlines for institutions resuming annual privacy notices if their practices change and they therefore cease to qualify for the exemption.
The final rule issued today is available at: https://files.consumerfinance.