Credit unions have until July 14 to comment on proposed amendments to Regulation P—privacy under the Gramm- Leach-Bliley Act (GLBA).
The Consumer Financial Protection Bureau (CFPB) proposed amendments to its privacy regulation in May that would allow institutions that meet certain conditions to post their annual privacy notices online rather than deliver them individually.
If finalized, a credit union that meets the following conditions would be able to utilize the proposed online delivery method:
- The credit union doesn’t share the consumer’s nonpublic personal information with non-affiliated third parties in a manner that triggers GLBA opt-out rights;
- The credit union doesn’t include an opt-out notice under the Fair Credit Reporting Act’s (FCRA) Affiliate Sharing Rule on its annual privacy notice;
- The credit union’s annual privacy notice isn’t the only notice provided to satisfy the requirements of the FCRA Affiliate Marketing Rule;
- The information included in the annual privacy notice hasn’t changed since the member received the previous notice; and
- The credit union uses the model privacy notice disclosure form contained in Regulation P.
A credit union would be required to continuously post the annual privacy notice in a “clear and conspicuous” manner on its website, without requiring a login or similar steps to access the notice.
In addition, a credit union would have to insert a clear and conspicuous statement at least once per year on a notice or disclosure the credit union provides announcing that the annual privacy notice is available on the credit union’s website, that it will be mailed to members who request it by calling a toll-free telephone number, and that it has not changed.
A credit union would still have to mail the privacy notice if it changes its privacy practices, engages in information-sharing activities that trigger members’ opt-out rights, or is responding to members’ telephone requests for paper notices.
File comments at regulations.gov (Docket Number: CFPB-2014-0010).