• CFPB Finalizes Rule on Annual Privacy Notices
  • January 16, 2015 | Author: Robert L. Carothers
  • Law Firm: Jones Walker LLP - Mobile Office
  • On October 20, the Consumer Financial Protection Bureau ("CFPB") announced that it had finalized a rule to allow financial institutions that meet certain requirements to post their privacy policies online in lieu of mailing annual privacy notices to their customers.

    The Gramm-Leach-Bliley Act generally requires a financial institution to send an annual privacy notice to its customers summarizing its privacy policies and practices. Under the current rules, a financial institution must mail out this annual notice even if it does not share customer information with third parties. This results in increased costs associated with printing and mailing such notices.

    The CFPB's final rule allows financial institutions to post privacy notices online instead of mailing an annual paper copy if certain conditions are met, such as not sharing customer data in a way that would trigger the customer's opt-out rights under the privacy rules. Financial institutions that utilize the new method for delivering privacy notices will be required to use the model disclosure form developed by the federal banking agencies in 2009. Further, financial institutions that utilize the new method will be required to notify customers annually about the availability of the privacy notice and of their right to request a paper copy. This notice can be included with a regular customer communication, such as an account statement. If a customer requests a paper copy, the financial institution must mail the notice within 10 days of receiving the request. The rule becomes effective immediately upon publication in the Federal Register.