Skip to main content

CFPB Finalizes Rule to Promote More Effective Privacy Disclosures

Oct 20, 2014

The Consumer Financial Protection Bureau (CFPB) has finalized a rule to promote more effective privacy disclosures from financial institutions to their customers. The new rule, which was proposed in May, allows companies that limit their consumer data-sharing and meet other requirements to post their annual privacy notices online rather than delivering them individually. 

"Consumers need clear and accessible information about how their personal information is being used in the marketplace, but some of these requirements were redundant," said CFPB Director Richard Cordray. "Posting privacy notices online will make it easier for consumers to access these important policies, while also making it cheaper for financial institutions to provide disclosures."

The Gramm-Leach-Bliley Act (GLBA) generally requires that financial institutions send annual privacy notices to customers. These notices must describe whether and how the financial institution shares consumers’ non-public personal information. If the institution does share this information with an unaffiliated third party, it typically must notify consumers of their right to opt out of the sharing and inform them of how to do so.

Under the CFPB’s new rule, financial institutions will be able to post privacy notices online instead of distributing an annual paper copy, if they satisfy certain conditions such as not sharing data in ways that would trigger consumers’ opt-out rights. The new rule applies to both banks and those nonbanks that are within the CFPB’s jurisdiction under the GLBA. Institutions that choose to rely on this new method of delivering privacy notices will be required to use the model disclosure form developed by federal regulatory agencies in 2009.

Under the new rule, if an institution qualifies for and wants to rely on the online disclosure method, it will have to inform consumers annually about the availability of the disclosures. Previously, institutions were required to send consumers a separate communication about privacy disclosures. The new rule allows institutions to include a notice on a regular consumer communication, such as a monthly billing statement for a credit card, letting consumers know that the annual privacy notice is available online and in paper by request at a provided telephone number. If an institution chooses not to use the new disclosure method, it will need to continue to deliver annual privacy notices to its customers using other delivery methods.

According to the CFPB, the benefits of the new rule include:
Constant access to privacy policies: Previously, consumers would receive a copy of their financial institution’s privacy policies once per year. If financial institutions choose the new alternative delivery method, consumers will be able to view their institution’s privacy policies at any time, while still receiving notices through existing delivery methods if the policies’ terms change. The online privacy notices will not require a login to view. For those customers with limited or no internet access, financial institutions will have to mail annual notices within 10 days to customers who request them by phone. 

Limited data sharing: If an institution shares data with unaffiliated third parties in a way that triggers customers’ rights to opt out of such sharing, then that institution generally would not be allowed to use the alternative delivery method. For this reason, financial institutions have an incentive to limit their sharing to reduce their costs.

Educating consumers: When financial institutions post their privacy policies on their websites using the new delivery method, they must use the model disclosure form designed by federal regulators. The model disclosure form allows consumers who are concerned about their personal information to easily understand their financial institution’s privacy policy. Consumers can thus better educate themselves about the various types of privacy policies.

►Cheaper for companies to notify consumers of privacy practices: The CFPB anticipates that the rule will reduce the cost for companies to provide annual privacy notices. The Bureau estimates that about $17 million could be saved by the industry annually if institutions choose the new online disclosure method.

The Bureau is finalizing the rule largely as it was proposed in May, with a number of technical, clarifying, and minor revisions. The rule will be effective immediately upon publication in the Federal Register.

The final rule is available at: http://files.consumerfinance.gov/f/201410_cfpb_final-rule_annual-privacy-notice.pdf

About the author
Published
Oct 20, 2014
Equifax Paying $15 Million For Consumer Dispute Failures

The CFPB filed a lawsuit against fellow credit-giant Experian two weeks ago alleging the same

New Maryland Licensing Regs Spark Funding Uncertainty

Actions taken this week require all secondary market investors to be NMLS licensed in the state

How To Help Borrowers Spot Red Flags Of Mortgage Fraud

Nine years after a foreclosure relief scam unfolded, the FTC is releasing seized funds. Lessons for LOs abound in how it all went down.

The Mortgage Firm Settles Redlining Claims With Justice Department

Referral networks' disparate impacts on display in third redlining settlement with a nonbank mortgage lender

Jan 09, 2025
Final Rule Banning Medical Debt From Credit Reports Issued

The CFPB says the rule will produce 22,000 more mortgages each year, but some disagree with its premise

CFPB Sues Vanderbilt Mortgage For Trapping Borrowers In Risky Loans

The regulator alleges that the manufactured-home lender ignored obvious red flags about borrowers' ability to repay