Court-ordered GLBA violations require CFPB intervention

February 13, 2023

CUNA and other financial services organizations called on Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra to intervene to prevent court-ordered Gramm-Leach-Bliley Act (GLBA) violations. The Superior Court of New Jersey ruled in Seidman v. Spencer Sav. Bank that the state-chartered, mutually owned bank must provide the plaintiff with names and contact information of all its 43,000 members.

The plaintiff in the case wishes to join the board of directors of the bank and argues the next board of directors election can be conducted fairly only if the plaintiff can directly solicit the bank’s members.

“The CFPB has general GLBA rulemaking authority and a statutory responsibility to ensure that inconsistent state legislation, regulation, executive action, and judicial orders do not displace the GLBA’s requirements,” the letter to Chopra reads.

“Specifically, we ask that the CFPB issue guidance that provides no state legislature, regulator, executive, or court may circumvent the requirements in Regulation P that financial institutions provide consumers adequate financial privacy notices and generally prohibit FIs from disclosing consumers’ nonpublic personal information to nonaffiliated third parties without consumers’ notice or consent, with certain well-defined exceptions,” it adds. “Additionally, we ask the CFPB to consider taking direct legal action in Seidman v. Spencer Sav. Bank to prevent the unlawful disclosure of tens of thousands of consumers’ nonpublic personal information.”

The organizations strongly urge the CFPB to more fully partner with state financial regulators and take other actions to uphold the GLBA and to issue guidance, “providing that states may not flout Regulation P’s requirements through legislative, regulatory, executive, or judicial means.”