CFPB Proposes Rule on Gramm-Leach-Bliley Act Privacy Notice Requirements

CFPB Proposes Rule on Gramm-Leach-Bliley Act Privacy Notice Requirements

On May 13, 2014, the Consumer Financial Protection Bureau (“CFPB”) released a Proposed Rule Amendment to the Annual Privacy Notice Requirement Under the Gramm-Leach-Bliley Act.  Many financial institutions currently mail printed copies of the annual GLBA privacy notices to their customers, but have expressed concern that this practice causes information overload for consumers and unnecessary expense.  In response to such concerns, the CFPB is proposing to allow financial institutions that do not engage in certain types of information-sharing activities to stop mailing an annual disclosure if they post the annual notices on their websites and meet certain other conditions.

The Proposed Rule would apply to various types of financial institutions that provide consumer financial products and services, and the CFPB is currently encouraging comments on the proposal through June 12, 2014.  At this time, there is no clear date that the Proposed Rule might go into effect.  The CFPB is expected to announce updates after the June 12, 2014 deadline for submission of comments.

Summary of the Proposed Rule

Specifically, the proposal would allow financial institutions to use the proposed alternative delivery method for annual privacy notices if the conditions below are met.  Covered financial institutions should analyze if they meet each of these criteria, and therefore may qualify to use the alternative delivery method if/when the Proposed Rule goes into effect.

  1. the financial institution does not share the customer’s nonpublic personal information with nonaffiliated third parties in a manner that triggers GLBA opt-out rights;
  2. the financial institution does not include on its annual privacy notice an opt-out notice under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act (FCRA);
  3. the financial institution’s annual privacy notice is not the only notice provided to satisfy the requirements of section 624 of the FCRA;
  4. the information included in the privacy notice has not changed since the customer received the previous notice; and
  5. the financial institution uses the model form provided in the GLBA’s implementing Regulation P. A financial institution would still be required to use the currently permitted delivery method if the institution, among other things, has changed its privacy practices or engages in information-sharing activities for which customers have a right to opt out.

Compliance Step 1: Annual Statements to Customers

To comply with the proposed rule (as currently proposed), a financial institution would need to insert a clear and conspicuous statement, at least once per year, on a notice or disclosure issued under any other provision of law, e.g. as an insert with a billing statement.  The statement must include the following information for customers:

  • the privacy notice is available on the company’s website;
  • it will be mailed to customers who request it by calling a toll-free telephone number; and
  • the privacy notice has not changed since the customer received the previous notice.

Compliance Step 2: The Alternative Delivery Method via Website Post

To comply with the proposed rule, the current model form would be continuously posted in a clear and conspicuous manner on a page of the financial institution’s website without requiring a login or similar steps to access the notice.

To assist customers with limited or no access to the internet, a company would have to mail annual notices promptly to customers who request them by phone.

To access the Proposed Rule, see the following link: https://www.federalregister.gov/articles/2014/05/13/2014-10713/amendment-to-the-annual-privacy-notice-requirement-under-the-gramm-leach-bliley-act-regulation-p#p-14

Contact Us

We aggressively and competently represent our clients and assist our community as a good corporate citizen of Rock Hill, South Carolina. Send us a message using the form below or contact us directly at 803.329.8970.

Office Address:

224 Oakland Avenue
Rock Hill, SC 29730

Mailing Address:

PO Box 12645
Rock Hill, SC 29731

©2019 The Echols Firm, LLC. All rights reserved.

Attorneys licensed to practice in North Carolina and South Carolina. We may associate counsel in other states depending on the nature of your case. This World Wide Website has been developed by to provide general information about our practice. Persons viewing or using our site should note the following: No Attorney-Client Relationship Created by Use of this Website: Neither your use of this website, any information contained herein or any attempts to contact The Echols Firm, LLC or any attorney employed by us, creates an attorney-client relationship between you and any firm attorney. Attorney-client relationships with our firm and its lawyers can only be established through direct person-to-person contact and only after a specific letter of engagement has been expressly agreed to between our firm and a client. If other counsel is associated, we will fully disclose to you in writing the terms of that association, including the manner in which any fees are billed and/or divided. You should not provide any confidential information to our firm through e-mail or otherwise.