CFPB Finalizes Gramm-Leach-Bliley Amendments

On August 10, 2018, the Bureau of Consumer Financial Protection finalized amendments to Regulation P that allow financial institutions that meet certain requirements to be exempt from sending annual privacy notices to their customers. These amendments implement recent changes to the Gramm-Leach-Bliley Act (GLBA).

GLBA generally requires financial institutions to send annual privacy notices to customers. These notices must describe the privacy practices of financial institutions, including whether and how they share customers’ nonpublic personal information. If the institution shares this information with unaffiliated third parties in ways other than as specified by GLBA, the institution typically must notify customers of their right to opt out of having their information shared and inform them how to do so.

GLBA was amended in 2015 to provide financial institutions that meet certain conditions an exemption to the requirement under GLBA to deliver an annual privacy notice. A financial institution can use the annual notice exemption if the institution limits the sharing of customer information so that the customer does not have the right to opt out, and the institution has not changed its privacy notice from the one previously provided to the customer. These final amendments to Regulation P implement the GLBA changes and establish deadlines for institutions that must resume issuance of privacy notices due to changes in practices that eliminate the institution’s exemption under these amendments.

The final rule can be found here


comments powered by Disqus