WASHINGTON, D.C. — Last week, the Consumer Financial Protection Bureau (CFPB) proposed to implement an amendment to the Gramm-Leach-Biley Act (GLBA) that will grant certain financial institutions exemption from sending annual privacy notices to customers.
The GLBA generally requires financial institutions to send annual privacy notices to customers. Within the notices, institutions are required to describe whether and how customers’ nonpublic personal information is shared. If an institution does share customers’ NPI data with unaffiliated third parties in ways other than specified by the statute, then the institution is required to notify customers of their right to opt out of sharing and inform them on how to do so, according to a CFPB press release.
In December 2015, the GLBA was amended to exempt a financial institution from the requirements of the GLBA if it limits “its sharing of customer information so that the customer does not have the right to opt out and has not changed its privacy notice from the one previously delivered to its customer,” the press release stated.
Along with granting exemption, the proposed implementation of the December amendment would also establish deadlines for institutions resuming annual privacy notices if their practices change and cease to qualify for the exemption, according to the CFPB.
Implementation of the amendment would also allow financial institutions that qualify for GLBA exemption to post annual privacy notices online rather than deliver them to customers individually. “In light of this, the Bureau is proposing to also remove the alternative delivery method,” the CFPB press release stated.