The Consumer Financial Protection Bureau has given a thumbs up to congressional mandates via legislation that would allow financial institutions to be exempt from sending privacy notices to their customers – provided that the financial companies meet certain requirements.
The Gramm-Leach-Bliley Act, as it is currently written, requires that companies send these notices to their customers annually. The notices themselves are mandated to explain what nonpublic information is collected about a consumer, where it is shared, what it is used for, and how the information is protected. If that information is indeed shared with third parties, then the firms must provide an opt-out clause and must walk consumers through how to, in fact, opt out.
The Act itself was amended late in 2015, and allows financial firms meeting certain conditions an exemption to the aforementioned requirement. When those conditions are met, the opt out provision can be removed and the privacy notice need not be sent out every year unless the privacy policy has changed. There is a new amendment that is most recently on the table, and which got the approval by the CFPB in July of 2016. The newest amendment would also set deadlines in place for financial institutions that would be taking up annual privacy notices again, if practices change and they are no longer able to qualify for the exemption.
Annual privacy notices can be posted online as an alternative delivery method, according to the CFPB, but with the new amendment the CFPB is proposing to remove that alternative delivery option for the firms.