The CFPB has issued a Final Rule revising Regulation P; which will allow eligible institutions to meet their 
annual Privacy Policy notification requirements by posting their notice online if certain conditions are met.
Essentially, an institution cannot engage in information sharing practices that require it to have an opt-out within its Privacy Notice. If you provide an opt-out under the Affiliate Marketing Rule on your Privacy Notice, you must also have provided the Notice and opt-out previously or provide it separately from your Privacy Notice as well. In addition, the model Privacy Notice must be used and there cannot have been any substantive changes required to the Notice (concerning information sharing or safeguarding practices) since it was last delivered.
Eligible institutions wishing to take advantage of this alternative annual notification generally need to:
- Ensure a Privacy Notice is clearly and conspicuously posted on its website without the need for a login or other agreement.
- Mail Privacy notices within 10 days of a phone request.
- Provide an annual availability notice to alert customers to the location of the Privacy Policy. Specific content and format requirements apply. Sample language is provided within the final rule.
These changes became effective upon publication in the Federal Register on October 28, 2014. This should give many banks the ability to forgo an annual privacy mailing. That’s good news! Just make sure that everyone involved knows and understands the conditions and requirements. We will have more information in our November newsletter (available November 1st).
Published
2014/10/29
Diane Dean
