Some regulatory relief: Rule amending GLBA annual notice requirements proposed

Jesse Johnston Iowa Banking Law Dickinson Law Des Moines, Iowa

Posted on 07/14/2016 at 12:00 AM by Jesse Johnston

In December of 2015, President Obama signed the “Fixing America’s Surface Transportation Act” (FAST Act) into law. Included in the FAST Act was a provision that provided an exception to the annual notice delivery requirement for financial institutions. The Consumer Financial Protection Bureau (CFPB) was charged with implementing these changes to Regulation P, and the proposed amendments were released on July 1. 

Currently, the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to deliver customers a privacy notice at the time the customer relationship is established. Subsequently, the financial institution must provide their full privacy notice at least once in a period of 12 consecutive months for the duration of the customer relationship. 

The proposed amended rules state that a financial institution is not required to deliver the annual privacy notice, as required by the GLBA if the following two conditions are met:

  1. The financial institution only provides nonpublic personal information to non-affiliated third parties under one of the exceptions to the notice and opt-out requirement.  The exceptions to the opt-out requirements, and now the proposed criteria for an exception to the annual notice requirement, are as follows:

    • FI shares nonpublic personal information to non-affiliated third parties and enters into a contractual agreement with the third party prohibiting the non-affiliate from disclosing any of the nonpublic information,

    • FI shares nonpublic personal information to effect, administer, or enforce a transaction requested or authorized by the customer, or

    • FI shares nonpublic personal information with the consent of the customer, to protect the customer’s information, to have the financial institution insured, rated, or guaranteed, for the sale or exchange of a business, or as required by judicial process, or for compliance of a governmental regulatory authority.

  1. The financial institution has not changed its policies and practices with respect to disclosure of nonpublic personal information from the policies and practices that were provided in the most recent privacy notice delivered to customer.

A financial institution may no longer meet the requirements for the exception either by beginning to share nonpublic personal information in ways that trigger rights to opt-out notices under GLBA and Regulation P, or by otherwise changing its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent privacy notice the financial institution provided. The CFPB is proposing different timing requirements for the resumption of annual notices, depending on whether the change at issue would trigger the requirement for a revised notice under § 1016.8 prior to the change taking effect.

If you have questions about your privacy policy or notifications, please contact an attorney in our Banking Law Section.

The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.

 

Questions, Contact us today.

 


The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Law is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm.  Your use of the Dickinson Law blog postings does NOT create an attorney-client relationship between you and Dickinson, Mackaman, Tyler & Hagen, P.C. or any of its attorneys.  If specific legal information is needed, please retain and consult with an attorney of your own selection.

Comments
There are no comments yet.
Add Comment

* Indicates a required field