beauty manMore and more financial institution processes are getting a technological makeover, and privacy is no exception. Regulation P currently requires financial institutions to provide initial and annual privacy notices to their customers/members by mail. The Consumer Financial Protection Bureau is proposing to allow an alternate delivery method (like posting it to your website) for the annual privacy notice. This is helpful, as financial institutions have long complained that mailing the annual notices is costly and, in most cases, does not provide the customer/member with new information. This proposal would provide some financial institutions with the ability avoid the hideously costly annual mailing process of a notice that is a contender to take home the honors of the mailer most likely to end up in the consumer’s trash without being opened.

Operational Impact

In order for your financial institution to take advantage of the proposed alternative to the mailing of annual privacy notices, you would need to be sure that none of the following conditions exist:

  • Sharing customer/member information with nonaffiliated third parties in a manner that triggers an opt-out right;
  • Including an opt-out notice on the annual privacy notice that is triggered by the affiliate sharing requirements under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act;
  • Providing your annual privacy notice, as required by Regulation P, as the sole means of satisfying any notice requirement you may have under section 624 of the Fair Credit Reporting Act, which deals with sharing information with affiliates;
  • The information disclosed since the customer/member last received a privacy notice has changed; or
  • Using a privacy form other than the model form provided in Regulation P.

If none of the above conditions have disqualified you, then instead of providing the annual privacy notice, you could do the following:

  • Insert a clear and conspicuous statement at least once a year on a notice or disclosure you are providing in accordance with another regulatory requirement announcing that the annual privacy notice is available on your website, that it will be mailed to any customer/member who requests it by calling a toll-free number, and including a statement that the information contained in your privacy notice has not changed;
  • Continuously post your annual privacy notice in a clear and conspicuous manner on a page of your website that does not require a login or similar steps to access; and
  • Promptly mail annual notices to customers/members who request them by phone.

And remember, if you want to comment on this privacy facelift, comments are due by July 14, 2014.
For the complete text of the proposed rule, visit: https://www.federalregister.gov/articles/2014/05/13/2014-10713/amendment-to-the-annual-privacy-notice-requirement-under-the-gramm-leach-bliley-act-regulation-p