Annual Privacy Notice Requirement

Disclosure of Nonpublic Personal Information 15 USC 94

On December 4, 2015, President Obama signed the “Fixing America’s Surface Transportation Act” (“FAST Act”), which provides relief to financial institutions regarding the requirement to provide an annual privacy notice.

The Gramm-Leach-Bliley Act (GLB Act or GLBA) is a statute that, among other things, governs the privacy and sharing of nonpublic personal information. Regulation P establishes rules to implement the requirements of the statute. The Fixing America’s Surface Transportation Act (FAST Act) amends the GLBA to provide relief to financial institutions regarding the requirement to provide an annual privacy notice to customers.

Until the CFPB updates Regulation P, the regulation will vary from the requirements and exceptions that are included in the GLBA. The GLBA overrules Regulation P, so the changes to the GLBA can be followed until Regulation P is updated. (This is similar to how the changes made by the Expedited Funds Availability Act and the Check Clearing for the 21st Century Act are not yet reflected in Regulation CC.)

Credit unions no longer have to provide an annual privacy notice to their members if (1) the credit union has provided a notice previously, and (2) the credit union has not changed its policies and practices for disclosing nonpublic personal information from the previously provided notice.


Credit unions will still need to provide their privacy notice at account opening (when an individual becomes your customer), and whenever changes to the credit union’s policies or practices for disclosing nonpublic personal information require an amended notice.


SEC. 75001. EXCEPTION TO ANNUAL PRIVACY NOTICE REQUIREMENT UNDER THE GRAMM-LEACH-BLILEY ACT.

Section 503 of the Gramm-Leach-Bliley Act (15 U.S.C. 6803) is amended by adding at the end the following:

(f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.

A financial institution that—

  1. provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and
  2. has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section,

shall not be required to provide an annual disclosure under this section until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2).

 

http://www.gpo.gov/fdsys/pkg/BILLS-114hr22enr/pdf/BILLS-114hr22enr.pdf

 

 
