CFPB updates regulation to implement legislation amending Gramm-Leach-Bliley Act

See the source image

The CFPB finalized amendments to implement legislation that allows financial institutions that meet certain requirements to be exempt from sending annual privacy notices to their customers.

The Gramm-Leach Bliley Act generally requires that financial institutions send annual privacy notices to customers. These notices must describe the privacy practices of financial institutions, including whether and how they share customers’ nonpublic personal information. If the institution shares this information with the unaffiliated third parties in ways other than specified by the GLBA, the institution typically must notify customers of their right to opt out of having their information shared and inform them how to do so.

In 2015, as part of a larger funding bill, Congress amended the act to grant exemptions to certain financial institutions. The bureau’s rule implements the legislation and establishes certain deadlines.

For complete details, view the press release from the CFPB below:

WASHINGTON, D.C. – The Bureau of Consumer Financial Protection (Bureau) today finalized amendments to implement legislation that allows financial institutions that meet certain requirements to be exempt from sending annual privacy notices to their customers.

The Gramm-Leach-Bliley Act (GLBA) generally requires that financial institutions send annual privacy notices to customers. These notices must describe the privacy practices of financial institutions, including whether and how they share customers’ nonpublic personal information. If the institution shares this information with unaffiliated third parties in ways other than specified by the GLBA, the institution typically must notify customers of their right to opt out of having their information shared and inform them how to do so.

In December 2015, Congress amended the GLBA as part of the Fixing America’s Surface Transportation Act (FAST Act). This amendment to the GLBA provides financial institutions that meet certain conditions an exemption to the requirement under the GLBA to deliver an annual privacy notice. A financial institution can use the annual notice exception if it limits its sharing of customer information so that the customer does not have the right to opt out, and has not changed its privacy notice from the one previously delivered to its customer. The rule issued by the Bureau today implements this legislation and establishes deadlines for institutions resuming annual privacy notices if their practices change and they therefore cease to qualify for the exemption.

The final rule issued today is available at: https://files.consumerfinance.gov/f/documents/bcfp_glba-privacy-notices_final-rule_amendment_2018-08.pdf 

###

The Bureau of Consumer Financial Protection is a 21st century agency that helps consumer finance markets work by regularly identifying and addressing outdated, unnecessary, or unduly burdensome regulations, by making rules more effective, by consistently enforcing federal consumer financial law, and by empowering consumers to take more control over their economic lives. For more information, visit consumerfinance.gov.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s