Privacy & Information Security Law Blog

On October 20, 2014, the Consumer Financial Protection Bureau (“CFPB”) announced a finalized rule that enables certain financial institutions to comply with the Gramm-Leach-Bliley Act (“GLB”) by publishing their financial privacy notices online instead of mailing them to their customers. The GLB Privacy Rule requires financial institutions to provide privacy notices to their customers on an annual basis. The new disclosure method only applies to financial institutions regulated by the CFPB and does not impact those entities regulated by the Securities and Exchange Commission, Commodity Futures Trading Commission or Federal Trade Commission.

As we previously reported in May, the new rule only applies to financial institutions that meet certain conditions. For example, to qualify for the online delivery method, financial institutions must not share nonpublic personal information (“NPI”) with nonaffiliated third parties in a manner that requires an opt-out right be provided to customers. They also must use the model form regulators have developed to comply with the GLB Privacy Rule’s notice requirement.

The CFPB highlighted benefits of the new rule, which include:

• Providing consumers with constant access to privacy policies;
• Creating an incentive for financial institutions to limit their sharing of NPI;
• Educating consumers using the easily understood model form; and
• Reducing financial institutions’ compliance costs by an estimated $17 million annually.

In the press release announcing the new final rule, Richard Cordray, the Director of the CFPB, stated that “Posting privacy notices online will make it easier for consumers to access these important policies, while also making it cheaper for financial institutions to provide disclosures.”

The rule becomes effective once published in the Federal Register.