Earlier this month, the Consumer Financial Protection Bureau (CFPB) issued its proposed rule amending the Gramm-Leach-Bliley Act’s annual privacy notice requirement set forth in Regulation P.

The rule is in response to Congress’ December 2015 amendment to the act, which eliminated the need for certain companies to provide annual privacy disclosures to consumers.  Under the amendment, the annual notice requirement is eliminated for any financial institution that:

  1. Limits it sharing so the customer does not have the right to opt out; and
  2. Has not changed its privacy notice since the one most recently delivered to the customer.

If adopted, the proposed rules would create a 60-day deadline for financial institutions to provide an annual notice if they have changed their policies and practices so as to lose the annual notice exception.  The proposed changes would also remove the rule implemented in 2014 that permits alternative annual notice delivery methods because any party that meets the criteria for alternative delivery will also meet the criteria set forth in the new rule that permits the institution to forego providing the annual notice altogether.

The proposal does not affect the requirement that financial institutions provide an initial privacy notice to new customers, and it does not exempt the financial institution from providing any disclosures required by the Fair Credit Reporting Act in association with affiliate information sharing.

Comments may be submitted electronically or by mailing or delivery to the CFPB.