Alert gives NCUA privacy notice guidance

January 2, 2015

ALEXANDRIA, Va. (1/5/15)--A new regulatory alert from the National Credit Union Administration informs federally insured credit unions how to fulfill privacy notice requirements by posting them online.

The letter (14-RA-11), sent to boards of directors and CEOs, informs credit unions of changes required by a final privacy notice rule issued by the Consumer Financial Protection Bureau (CFPB) in October.

According to the letter, the CFPB's rule "makes it easier to access information about a financial institution's privacy policies any time during the year, and reduces regulatory burden by allowing financial institutions to reduce printing and mailing costs."

The rule applies to annual privacy notices delivered to credit union members. Under the rule, privacy notices can be delivered using an "alternative delivery method" of posting the notice online. The new method can be used if the credit union:

  • Does not disclose customers' nonpublic personal information to nonaffiliated third parties other than for purposes for which an exception is provided in the implementing regulation;

  • Does not include an "opt out" under the Fair Credit Reporting Act (FCRA) on your annual privacy notice;

  • Has previously satisfied the affiliate marketing provisions of FCRA and its implementing regulation, Regulation V, if applicable, or the annual privacy notice is not the only notice provided to satisfy those requirements;

  • Has not changed the information in the most recent privacy notice other than to eliminate categories of information shared or parties; and

  • The form provided in the regulation's appendix is used for the annual privacy notice.

A credit union must provide a notice to its members that the privacy notice is available online, and must provide the member notice in a "clear and conspicuous manner" on an account statement with a specific Web address, and the most current privacy notice must be posted in a "clear and conspicuous manner" on a Web page that does not require a login.

According to the NCUA, if a credit union prefers to continue delivering annual privacy notices by the other existing methods contained in the regulation, no action is needed.

(Editor's note: This article first appeared in the Jan. 2 issue of News Now.)