CFPB Amends Regulation P

On October 20, the CFPB finalized its amendment to Regulation P, which requires, among other things, that financial institutions provide an annual disclosure of their privacy policies to their customers. The Gramm-Leach-Bliley Act (GLBA) and Regulation P mandate that financial institutions provide their customers with initial and annual notices regarding their privacy policies. If financial institutions share certain customer information with particular types of third parties, the institutions are also required to provide notice to their customers and an opportunity to opt out of the sharing. The GLBA was enacted into law in 1999. The statute, among other things, is intended to provide a comprehensive framework for regulating the privacy practices of an extremely broad range of entities. 

The finalized amendment creates an alternative delivery method for this annual disclosure, which financial institutions will be able to use under certain circumstances. Under the new rule, bank and nonbank institutions under the CFPB’s jurisdiction will now be allowed to post privacy notices online, rather than deliver an annual paper copy. Institutions that choose to post notices online must meet certain conditions, including: providing notice to consumers if the institution shares any data to third parties, in addition to providing an opportunity to opt out of such sharing; and using the 2009 model disclosure form developed by federal regulatory agencies. The institutions that choose to rely on the new delivery method must ensure that customers are aware of the notices posted online;  provide paper copies within ten days of a customer’s request; and make customers aware that the privacy notice(s) are available online—and that a paper copy will be provided at the customer’s request—by inserting a “clear and conspicuous statement at least once per year on an account statement, coupon book, or a notice or disclosure.”

The CFPB anticipates that the rule will: provide consumers with constant access to privacy notices; limit the amount of an institution’s data sharing with third parties; educate consumers on various types of privacy policies; and reduce the cost for companies to provide privacy notices.

Contact Us

Have any questions? Send our team an email and we'll get back to you as soon as posible. *Warning: Do not send or include any information in any email generated through this web site if you consider the information confidential or privileged. By submitting information by email or other communication in response to this web site, you agree that the communication does not create a lawyer-client relationship between you and the law firm and its lawyers and that any information submitted is not confidential and is not privileged. You further acknowledge that, unless the law firm subsequently enters into a lawyer-client relationship with you, any information you provide will not be treated as confidential and any such information may be used adversely to you and for the benefit of current or future clients of the law firm.

Start typing and press Enter to search