President Signs Law Providing Exception to Annual Privacy Notice Requirement under the Gramm-Leach-Bliley Act

On December 4, 2015, President Obama signed the Fixing America’s Surface Transportation Act (the “FAST Act”) into law. The FAST Act, which is aimed at improving the country’s surface transportation infrastructure, contains a provision that modifies the annual privacy notice requirement under the Gramm-Leach-Bliley Act (“GLBA”).

Under the current GLBA Privacy Rule, financial institutions must mail an annual privacy notice to their customers that sets forth how they collect, use and disclose those customers’ nonpublic personal information (“NPI”) and whether customers may limit such sharing. The exception in the FAST Act states that a financial institution does not have to provide an annual privacy notice if it (1) only shares NPI with nonaffiliated third parties in a manner that does not require that an opt-out right be provided to customers (e.g., if the institution discloses NPI to a service provider or for fraud detection and prevention purposes) and (2) has not changed its policies and practices with respect to disclosing NPI since it last provided a privacy notice to its customers.

If a financial institution changes its practices and discloses NPI to nonaffiliated third parties in a manner that requires it to offer an opt-out right to its customers, the financial institution would be required to send the revised privacy notice to its customers. For example, if a financial institution began to disclose NPI to nonaffiliated third parties so that those parties could market to the financial institution’s customers, it would need to mail the privacy notice to its customers and share the NPI only after those customers have not exercised their rights to opt out of such sharing.

The FAST Act’s GLBA provision is expected to save financial institutions millions of dollars in postage and printing costs, and comes after the Consumer Financial Protection Bureau finalized a rule that enabled certain financial institutions to comply with GLBA notice requirements by publishing their financial privacy notices online instead of mailing them to their customers.
