• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

CFPB Changes Annual Notice Requirement Under Reg. P

August 14, 2018 By Michael Young

On Friday, the Consumer Financial Protection Bureau announced its “finalized amendments” to Regulation P, an implementing regulation of the federal financial Gramm Leach Bliley Act. Regulation P governs the provision of privacy notices for covered financial institutions. In response to legislation passed by Congress in late 2015, the final rule issued Friday permits financial institutions to avoid providing annual privacy notices to customers in certain circumstances. In addition, in cases where the annual notice requirement remains, the final rule permits financial institutions additional flexibility in the mechanism chosen to deliver such notice to their customers.

The prior version of Regulation P required financial institutions to provide their customers with a privacy notice every 12 months without exception. The new, revised Regulation P permits financial institutions to avoid such notice if (a) the institution limits its disclosure of customer “nonpublic personal information” in accordance with defined exceptions (such as disclosures to service providers or as necessary to complete a transaction requested by the customer) and (b) the institution has not changed its policies or practices “with regard to disclosing nonpublic personal information” since the last notice provided to the customer. A financial institution which does not meet both conditions must continue to provide its customers with an annual privacy notice. The revised Regulation P does not alter existing requirements to provide an initial privacy notice or, in appropriate circumstances, a revised privacy notice.

The revised Regulation P additionally permits annual notices to be provided via a “clear and conspicuous” website posting, provided that the customer to whom the notice is provided uses the website to access their financial products and services and agrees to receive notices at the website.

The revised regulation recognizes that many covered financial institutions limit their information sharing in any case and do not frequently change these information sharing policies or practices. For these institutions, the revised Regulation P is designed to provide relief from an annual notice burden likely to have been of limited use to the institution’s customers.

Filed Under: Financial Privacy, Privacy, Regulation Tagged With: Consumer Financial Protection Bureau (“CFPB”), Regulation P

About Michael Young

Michael is counsel on the Privacy & Data Security Team. Michael focuses his practice on data privacy advising and technology transactions.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • European Commission Adopts Draft UK Adequacy Decision
  • NYDFS Issues Best Practices for Cyber Insurance Risk Management
  • Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services
  • Virginia Ready to Pass First State Privacy Statute after CCPA
  • The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.