On August 17, 2018, the Bureau of Consumer Financial Protection (CFPB) published a final rule amending its Regulation P to include an exception to the Gramm-Leach-Bliley Act (GLBA) annual privacy notice obligation. Nearly three years ago, the Fixing America’s Surface Transportation Act (FAST Act) amended the GLBA to provide for such an exception. The CFPB has now caught up in order to ensure that Regulation P is consistent with the GLBA as amended. Although the final rule will take effect on September 17, 2018, the FAST Act’s statutory amendment has been effective for several years. That is, notwithstanding the fact that Regulation P fell behind the statute, financial institutions have been able to rely on the GLBA’s statutory exception to the annual notice obligation.
BACKGROUND ON THE EXCEPTION TO ANNUAL NOTICE REQUIREMENT -
Under the GLBA, a financial institution must provide each consumer customer with an annual notice of its privacy policies and practices over the course of its relationship with the customer. The FAST Act amended the GLBA to provide an exception to the annual privacy notice requirement for financial institutions that satisfy two conditions. Specifically, a financial institution is not required to provide an annual privacy notice to its customers if: (1) the institution shares nonpublic personal information (NPI) about customers with nonaffiliated third parties only to the extent permitted by exceptions in the GLBA or Regulation P (i.e., the financial institution is not required to provide an opt out for sharing with nonaffiliated third parties), and (2) the financial institution has not changed its policies and practices with respect to disclosing NPI from those described in the most recent privacy notice sent to customers.
Please see full publication below for more information.