The Bureau of Consumer Financial Protection (BCFP) has announced an update in legislation aimed at easing the burden on financial institutions and reducing the risk of consumer confusion. Through Regulation P, legislation has been updated that amends the Gramm-Leach-Bliley Act, which requires annual privacy notices to consumers from financial institutions.
The amendments finalized today allow for certain qualifying institutions to be exempt from these notices, which describe privacy practices of their institutions, including ‘whether and how’ customer’s nonpublic personal information is shared. If the institution shares this information with “unaffiliated third parties” in ways that deviate from GLBA specifications, the institution is required to notify its customers of their opt-out rights, and how to stop the sharing of their information.
Congress amended the GLBA in December 2015, as part of the Fixing America’s Surface Transportation Act (FAST Act). This amendment allows for financial institutions that meet certain conditions to be exempted from these annual notices if the sharing of customer information is limited so that the customer does not have the right to opt-out, and if the institution has not changed its privacy notice from the one previously delivered to the customer.
This rule was issued by the Bureau today in order to implement the legislation and establish deadlines for institutions resuming annual privacy notices “if their practices change and they therefore cease to qualify for the exemption,” the statement said.
In addition to these changes, in certain circumstances, Regulation P allows financial institutions to use an “alternative delivery method to provide annual notices.” This requires, among other things, that the annual notice be posted and accessible on the financial institution’s website.
The amendments to Regulation P in this final rule will become effective 30 days after the date of publication in the federal register.
To read the full ruling, click here.