Financial Institutions May Now Post Annual Privacy Policies Online

Under the Gramm-Leach-Bliley Act and regulations promulgated by the Bureau of Consumer Financial Protection (Bureau), financial institutions are required to provide customers with an annual disclosure of their privacy policies. The cost of mailing paper copies to consumers is significant. The Bureau therefore promulgated a new rule effective October 28, 2014, that allows financial institutions to post their notices via alternative delivery means, including on their websites, provided certain conditions are met.

Financial institutions can avoid considerable compliance costs by using this alternative notice method.
Among the qualifications: (1) the privacy notice must not trigger any opt-out rights and the institution must have previously provided opt-out notices as required; (2) information included in the privacy notice must not have changed since the prior notice; and (3) the financial institution must use the Bureau’s model form as its annual privacy notice. Other qualifications also apply, including (but not limited to) notification to customers that the privacy policy is located online at least annually through a statement mailed to them.

For more complete information about qualifying for the alternative annual privacy policy delivery option, view the final rule here or contact Verrill Dana’s Banking Law group.