CFPB Proposal May Eliminate Requirement to Mail Annual Privacy Notice

On May 7th, the Consumer Financial Protection Bureau (CFPB) announced a proposed rule that would allow financial institutions to post annual privacy notices online, potentially eliminating the current requirement to provide each customer an annual notice by mail. The proposed rule was published in the Federal Register on May 13^th, 2014, and comments are due on or before June 12^th, 2014.
 
The Gramm-Leach-Bliley Act (GLBA) and Regulation P currently require financial institutions to provide each customer with an annual privacy notice, which most institutions satisfy by mailing each customer a notice via the U.S. Postal Service. These notices are required to alert consumers as to whether and how the institution shares the consumers’ nonpublic personal information (NPI). This new proposal would allow financial institutions to replace the costly and burdensome annual mailing with an online notice, provided that certain additional requirements are satisfied. 
 
Under the proposed rule, a financial institution could post its annual privacy notice online rather than provide it by mail if the institution: 

1. does not share NPI with unaffiliated third parties in a way that triggers opt-out rights under GLBA,
2. does not provide consumers with an opportunity to opt out of the sharing of consumer report information with affiliates under the Fair Credit Reporting Act (FCRA),
3. provides an affiliate marketing opt-out under FCRA in a notice separate from its annual privacy notice,
4. has not changed the content of its privacy notice since it last provided an annual notice,
5. uses the CFPB’s Model Privacy Notice contained in Regulation P,  
6. provides a clear and conspicuous statement to consumers where the privacy notice can be found, and
7. promptly mails to consumers a copy of the notice upon their request made to a toll-free telephone number.

Instructions for providing comments on the proposed rule are provided in the notice.