The Consumer Financial Protection Bureau (CFPB) recently adopted a final rule that will permit certain financial institutions to post on their websites the annual privacy notice required under Regulation P rather than mailing the notice to their customers. The final rule became effective on Oct. 28, the date it was published in the Federal Register.
The CFPB noted in the preamble to the final rule that it intends for the new electronic delivery method to reduce information overload for consumers caused by duplicative mailings of paper privacy notices. Under this alternative delivery method, a financial institution may post its privacy notice on its website rather than mail a hard copy to its customers if:
- the financial institution uses the CFPB’s model privacy form;
- the financial institution does not disclose a customer’s nonpublic personal information to nonaffiliated third parties in a manner that triggers opt-out rights under Regulation P;
- the financial institution does not include on its annual privacy notice an opt-out notice under Section 603 of the Fair Credit Reporting Act (FCRA);
- the financial institution has already provided any required “affiliate marketing” opt-out notice required under section 624 of the FCRA, or uses a method other than website posting to provide this “affiliate marketing” opt-out notice; and
- the information in the financial institution’s privacy notice has not changed since the customer’s receipt of the prior notice.
To use the alternative delivery method, the financial institution must:
- continuously post its annual privacy notice in a clear and conspicuous manner on a page of its website, without requiring a login or similar restriction on access;
- provide a web address that directly accesses the page that contains the privacy notice without requiring the customer to click on any links; and
- mail annual notices to customers who request them by telephone, within ten days of the request.
To make customers aware that its annual privacy notice is available through these means, the institution must insert a clear and conspicuous statement at least once per year on an account statement, coupon book, or a notice or disclosure that it issues to its customers under any provision of law. The statement must:
- inform customers that the annual privacy notice is available on the financial institution's website;
- state that the institution will mail the notice to customers who request a copy by calling a specific telephone number; and
- inform customers that the notice has not changed.
The CFPB estimates the final rule may reduce the cost of providing annual privacy notices and opt-out notices under Regulation P for all financial institutions by at least $17 million. Each financial institution should consider whether it is eligible to use these streamlined disclosures so that it too can benefit from these reduced costs.
To obtain more information regarding this alert, please contact Thomas Maxwell at 317-231-7796 or thomas.maxwell@btlaw.com; Jason Bernstein at 404-264-4040 or jason.bernstein@btlaw.com or Mark Kindelin at 3172-214-8314 or mark.kindelin@btlaw.com.
You can also visit online at http://www.btlaw.com.
© 2014 Barnes & Thornburg LLP. All Rights Reserved. This page, and all information on it, is proprietary and the property of Barnes & Thornburg LLP. It may not be reproduced, in any form, without the express written consent of Barnes & Thornburg LLP.
This Barnes & Thornburg LLP publication should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer on any specific legal questions you may have concerning your situation.
Visit us online at www.btlaw.com and follow us on Twitter @BTLawNews.
