May 06, 2014

CFPB proposes privacy notice modification

May 7, 2014 – CFPB on Tuesday proposed a rule that would allow depository institutions meeting certain requirements to post annual privacy notices online rather than delivering them individually.

The Gramm-Leach-Bliley Act, which regulates credit unions, "generally" requires financial institutions to send notices directly to consumers, but CFPB explained: "Today's proposal would allow institutions to post privacy notices online instead of distributing an annual paper copy, if they satisfy certain conditions such as not sharing data in ways that would trigger consumers' opt-out rights."

Institutions that choose to post notices online would be required to use the model disclosure form developed by federal regulatory agencies in 2009. They would also be required to notify consumers at least annually through another notice or disclosure that the privacy notice is online and available by mail upon request.

"NAFCU has been seeking relief on this issue in Congress," said NAFCU Director of Regulatory Affairs Michael Coleman. "We are pleased that the CFPB has begun to take steps to provide credit unions relief from these outdated notices via the regulatory process."

NAFCU continues to press for action on S. 635, the "Privacy Notice Modernization Act," from Sens. Sherrod Brown, D-Ohio, and Jerry Moran, R-Kan., which would abolish duplicative and costly privacy notices – one of the priorities outlined in NAFCU's five-point plan for regulatory relief for credit unions.