A rule proposed by the Consumer Financial Protection Bureau (CFPB) last week aims to benefit financial institutions that limit their consumer-data sharing to third parties and has the potential to save those companies a collective $17 million per year in privacy disclosures.
The rule would allow companies that limit their data-sharing of consumer information to post their annual privacy notices online instead of delivering them individually.
“Consumers need clear information about how their personal information is being used by financial institutions,” stated CFPB Director Richard Cordray. “This proposal would make it easier for consumer to find and access privacy policies, while also making it cheaper for the industry to provide disclosures.”
The Gramm-Leach-Bliley Act (GLBA) requires that financial institutions send annual privacy notices to customers that describe whether and how the institution shares consumers’ nonpublic personal information.
Those institutions that do not share this information with an unaffiliated third party are required to notify consumers of their right to opt out of the sharing and inform them of how to do so.
The CFPB proposal would allow institutions to post privacy notices online instead of distributing an annual paper copy, that is, if they satisfy certain conditions such as not sharing data in ways that would trigger consumers’ “opt-out” rights, the Bureau stated.
Additionally, financial institutions would be allowed to include an insert in regular consumer communication—such as a monthly billing statement for a credit card, for example—letting consumers know that the annual privacy notice is available online and in paper form by request.
The CFPB will accept comments on the proposed rule for 30 days after its publication in the Federal Register.
A copy of the proposed rule is available here.
Written by Jason Oliva