On May 6, 2014, the Consumer Financial Protection Bureau (CFPB) proposed a rule that would amend Regulation P, Privacy of Consumer Financial Information.  The proposed rule would promote more effective privacy disclosures from financial institutions to their customers, while also providing some good news for banks.
Currently financial institutions send annual privacy notices to their customers that describe if and how consumer’s nonpublic personal information will be shared.  If the institution shares information with an unaffiliated third party, it generally must inform the consumers of their right to opt-out of the sharing and provide information on how to opt-out.
The proposed rule would allow those institutions that limit their information sharing, and meet other requirements, to post their annual privacy notices online rather than delivering an annual paper copy.  CFPB Director Richard Corday stated, “[t]his proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures.”  The CFPB estimates the proposed rules would result in an industry savings of approximately $17 million annually.
So what does this mean for financial institutions?   If an institution meets the requirements and wants to use the online disclosure method it would need to:

  • Deliver initial privacy policy notice as currently required;
  • Inform consumers annually about the availability of the online disclosure and their right to request a paper copy along with a toll free number for such requests.  This could be done be via an insert in a regular consumer communication (e.g. billing statement);
  • Use the model disclosure form developed by federal regulatory agencies in 2009;
  • Mail annual notices promptly to customers who request them by phone;
  • Continuously post and allow unrestricted access to the online notice (i.e. no login required to view the notice); and
  • Provide information on privacy policy change-in-terms through existing delivery methods.

This seems to be a win-win proposal.  First, financial institutions that meet certain requirements, such as not sharing customer information in ways that would trigger an opt-out, would save money by posting their annual privacy notice online rather than delivering it in writing.  Second, customers would have access to privacy notices at any time, allowing them to become better informed about how an institution plans to use their information and comparison shop various privacy policies before deciding on an institution.  And, finally, by providing this new proposed method of delivery for institutions meeting certain requirements, the CFPB is giving financial institutions incentive to limit their information sharing, which is a big benefit to many consumers.
Comments must be received no later than 30 days after publication in the Federal Register.
To access the proposal click here: