CFPB Finalizes Rule to Promote More Effective Privacy Disclosures

Oct 20, 2014

The Consumer Financial Protection Bureau (CFPB) has finalized a rule to promote more effective privacy disclosures from financial institutions to their customers. The new rule, which was proposed in May, allows companies that limit their consumer data-sharing and meet other requirements to post their annual privacy notices online rather than delivering them individually. 

"Consumers need clear and accessible information about how their personal information is being used in the marketplace, but some of these requirements were redundant," said CFPB Director Richard Cordray. "Posting privacy notices online will make it easier for consumers to access these important policies, while also making it cheaper for financial institutions to provide disclosures."

The Gramm-Leach-Bliley Act (GLBA) generally requires that financial institutions send annual privacy notices to customers. These notices must describe whether and how the financial institution shares consumers’ non-public personal information. If the institution does share this information with an unaffiliated third party, it typically must notify consumers of their right to opt out of the sharing and inform them of how to do so.

Under the CFPB’s new rule, financial institutions will be able to post privacy notices online instead of distributing an annual paper copy, if they satisfy certain conditions such as not sharing data in ways that would trigger consumers’ opt-out rights. The new rule applies to both banks and those nonbanks that are within the CFPB’s jurisdiction under the GLBA. Institutions that choose to rely on this new method of delivering privacy notices will be required to use the model disclosure form developed by federal regulatory agencies in 2009.

Under the new rule, if an institution qualifies for and wants to rely on the online disclosure method, it will have to inform consumers annually about the availability of the disclosures. Previously, institutions were required to send consumers a separate communication about privacy disclosures. The new rule allows institutions to include a notice on a regular consumer communication, such as a monthly billing statement for a credit card, letting consumers know that the annual privacy notice is available online and in paper by request at a provided telephone number. If an institution chooses not to use the new disclosure method, it will need to continue to deliver annual privacy notices to its customers using other delivery methods.

According to the CFPB, the benefits of the new rule include:
►Constant access to privacy policies: Previously, consumers would receive a copy of their financial institution’s privacy policies once per year. If financial institutions choose the new alternative delivery method, consumers will be able to view their institution’s privacy policies at any time, while still receiving notices through existing delivery methods if the policies’ terms change. The online privacy notices will not require a login to view. For those customers with limited or no internet access, financial institutions will have to mail annual notices within 10 days to customers who request them by phone.

►Limited data sharing: If an institution shares data with unaffiliated third parties in a way that triggers customers’ rights to opt out of such sharing, then that institution generally would not be allowed to use the alternative delivery method. For this reason, financial institutions have an incentive to limit their sharing to reduce their costs.

►Educating consumers: When financial institutions post their privacy policies on their websites using the new delivery method, they must use the model disclosure form designed by federal regulators. The model disclosure form allows consumers who are concerned about their personal information to easily understand their financial institution’s privacy policy. Consumers can thus better educate themselves about the various types of privacy policies.

►Cheaper for companies to notify consumers of privacy practices: The CFPB anticipates that the rule will reduce the cost for companies to provide annual privacy notices. The Bureau estimates that about $17 million could be saved by the industry annually if institutions choose the new online disclosure method.

The Bureau is finalizing the rule largely as it was proposed in May, with a number of technical, clarifying, and minor revisions. The rule will be effective immediately upon publication in the Federal Register.

The final rule is available at: http://files.consumerfinance.gov/f/201410_cfpb_final-rule_annual-privacy-notice.pdf
