Provision exempting some FIs from annual privacy notices kicks in Sept. 17

Final revisions providing an exemption from annual privacy notice requirements for financial institutions meeting certain conditions take effect Sept. 17, according to a notice in the Federal Register from the Bureau of Consumer Financial Protection (BCFP, formerly known as CFPB).

The rule changes, announced Aug. 10 by BCFP and published in the F.R. Friday, implement a 2015 revision to the underlying statute, the Gramm-Leach-Bliley Act (GLBA). The revisions, according to the bureau, allow financial institutions to be exempt from sending annual privacy notices to their customers if they satisfy two conditions: they limit their sharing of customer information so that the customer does not have the right under GLBA to opt out, and the institutions have not changed their privacy notices from the ones previously delivered to customers. The rule also establishes deadlines for institutions that are resuming annual privacy notices if their practices change (making them ineligible for the exemption).

The GLB Act revision was implemented as part of the 2015 Fixing America’s Surface Transportation Act (FAST Act).

Amendment to the Annual Privacy Notice Requirement Under the Gramm-Leach-Bliley Act (Regulation P)