The CFPB proposed easing the annual privacy notice requirement under the Gramm-Leach-Bliley Act. Under the proposed rule, entities subject to CFPB supervision may post their privacy notices online rather than delivering them individually in certain circumstances. CFPB Director Richard Cordray said:
“Consumers need clear information about how their personal information is being used by financial institutions. This proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures.”
Specifically, a bank may forgo mailing the annual GLBA disclosure if the information on it has not changed since the previous notice, if it does not share the customer’s personal information in a way that triggers GLBA opt-out rights, if it has other channels for disclosures or opt-outs required by the Fair Credit Reporting Act and if the bank uses the federal agencies’ model privacy notice form.
Instead, banks would be required to post their privacy notices online in an accessible and conspicuous way and notify customers in other required notices where to find it, that it has not changed, and that it will be promptly mailed upon request.
Comments on the proposal are due 30 days after publication in the Federal Register.
Link to Proposed Rule: http://files.consumerfinance.gov/f/201405_cfpb_annual-privacy-notice-proposal.pdf