Annual Privacy Disclosure Notices

  • Bookmark and Share
  • RSS Feed
  • Email a friend
  • Print this page

Updated June 2014

The Gramm-Leach-Bliley Act (P.L. 106-102), enacted in 1999, requires financial institutions and a wide variety of other businesses to issue privacy disclosure notices to consumers that detail the institution's privacy policies if it shares customers' non-public personal information with affiliates or third parties. The law also requires telling existing and potential customers of their right to opt out of sharing non-public personal information with third parties. Such disclosures must take place when a customer relationship is first established and annually in paper form as long as the relationship continues even if no changes have occurred. This legislation would help eliminate the confusion by exempting institutions whose policies have not changed from this outdated requirement.  

 The privacy notice, for most institutions, is readily available for view online, as well as available at branch locations for consumers to acquire if they so wish. The exception will allow credit unions to focus their resources on providing low cost financial services to their members without disturbing consumer privacy policy availability. The staff resources and money wasted to send the required notice to millions of credit union members every year are resources that could better serve members elsewhere.
As many institutions and consumers are earnestly attempting to "go green" the current requirement stands in stark contrast. The exception would save credit unions valuable staff resources, lower the cost of financial services, and reverse the negative environmental impact caused by such a requirement, while not harming consumers.

At the end of the 112th Congress the House passed legislation (H.R. 5817) by unanimous consent that would have eliminated the unnecessary, redundant and costly annual privacy policy notice requirement for an institutions that,

  1. Do not share information with non-affiliated third parties; and  
  2. Do not change its privacy policy from the last time it was disclosed.  

 While the Senate did not act on this bill, it was re-introduced in the House at the beginning of the 113th Congress by Reps. Blaine Luetkemeyer (R-MO) and Brad Sherman (D-CA) as the Eliminate Privacy Notice Confusion Act (H.R. 749).

On March 12, 2013 the House passed H.R. 749 by unanimous consent. The same day, NAFCU sent a letter to the Senate urging immediate action and is lobbying to make sure that the legislation is addressed as soon as possible.

On March 21, 2013 Senators Sherrod Brown (D-OH) and Jerry Moran (R-KS) introduced the Privacy Notice Modernization Act, S. 635, a substantially similar version of the House bill. The bill currently has over 60 bipartisan cosponsors including Senate Banking Chairman Tim Johnson (D-SD) and Ranking Member Mike Crapo (R-ID).  NAFCU lobbyists are working to gain momentum on the legislation.

Concurrently, in May 2014 the Consumer Financial Protection Bureau proposed a rule containing many of the same elements NAFCU has sought on the legislative front. The CFPB proposal would allow financial institutions to post their annual privacy notices online instead of delivering them individually if they meet a series of conditions including not sharing the customer's nonpublic personal information with nonaffiliated third parties. While this is certainly a positive development, NAFCU will continue to push for statutory changes to the law.

Ensuring credit unions don’t need to send redundant privacy notice disclosures in one aspect of
NAFCU’s comprehensive plan for regulatory relief. NAFCU will continue to monitor this issue.

Annual Privacy Disclosure Notices Policy Letters

10-29-2013 NAFCU letter urging action on S. 635

03-12-2013 NAFCU urging action on H.R. 749

12-12-12 NAFCU letter to Senate urging action on H.R. 5817

12-3-12 Boehner-Pelosi letter in support of H.R. 5817