news.cuna.org/articles/FIs_can_post_privacy_notices_online_under_new_CFPB_rule

FIs can post privacy notices online under new CFPB rule

October 20, 2014

WASHINGTON (10/21/14)--A rule allowing financial institutions that meet certain requirements to post annual privacy notices online has been finalized by the Consumer Financial Protection Bureau (CFPB).

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to send annual privacy notices to customers, describing whether and how it shares consumers' nonpublic personal information. If the institution does share this information, it must notify consumers of their right to opt out and inform them how to do so.

Under the CFPB's new rule, requirements that allow financial institutions to post privacy notice online include:

  • The financial institution does not share data in ways that would trigger consumers' opt-out rights;
  • Consumers are informed annually about the availability of the disclosures; and
  • A notice is included on a regular consumer communication, such as a monthly billing statement for a credit card, letting consumers know that the annual privacy notice is available online and in paper by request at a provided telephone number.

If an institution chooses not to use the new disclosure method, it will need to continue to deliver annual privacy notices to its customers using other delivery methods.

The new rule applies to all financial institutions within the CFPB's jurisdiction under the GLBA. Institutions that choose to rely on this new method of delivering privacy notices will be required to use the model disclosure form developed by federal regulatory agencies in 2009.

Use the resource link below to access the final rule. The rule is effective upon publication in the Federal Register.

CFPB final rule: Annual privacy notice (PDF)