The CFPB proposed a rule on Tuesday to allow firms that limit sharing of consumer data and those that meet similar requirements to post annual privacy notices online rather than through direct communications with the consumer.
Under the Gramm-Leach-Bliley Act, financial institutions are generally required to send out an annual privacy notice detailing how the institution treats consumers’ confidential personal information. Institutions that share the information with an unaffiliated third party must notify consumers of their right to opt out of the sharing and must inform them of how to do it.
The rule, which seeks to promote more efficient and effective privacy disclosures, would allow banks and supervised nonbanks that satisfy certain conditions to use a model disclosure form issued by regulators online to replace paper copies of the disclosure.
“If a financial institution limits its types of sharing to those which do not trigger opt-out rights, it may provide a ‘simplified’ annual privacy notice to its customers that does not include opt-out information,” the proposal said.
Institutions interested in relying on the online disclosure method must inform consumers annually about the availability of the disclosures. While banks and nonbanks are currently required to send out separate communication about privacy disclosures, the proposal would allow institutions to insert a notice of privacy disclosures in regular communications with the consumer.
“Consumers need clear information about how their personal information is being used by financial institutions,” CFPB Director Richard Cordray said. “This proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures.”