CFPB Proposes Rule to Increase Efficiency of Privacy Disclosures

Banker Resource
June 27, 2014 — 5,088 views  
Become a Bronze Member for monthly eNewsletter, articles, and white papers.

CFPB Proposes Rule to Increase Efficiency of Privacy Disclosures

The Consumer Financial Protection Bureau has spent its initial years in existence taking on rogue collection agencies, exploitative banks, and tough credit card terms of service. Its most recent effort, however, might be a bigger boon to banks than to the average consumer. The agency recently revealed plans to increase the effectiveness and efficiency of privacy disclosures. These disclosures must be sent out by financial institutions when an account is first opened and on an annual basis thereafter, and they must also be sent if the financial institution engages in any information or data sharing with third-party enterprises throughout the year. Under new rules, certain banks would be exempt from sending these disclosures. It is perhaps the biggest adjustment to the Gramm-Leach-Bliley Act since its inception.

Key Exemptions: A Look at How the Rule Might Change the Gramm-Leach-Bliley Act

There are key justifications for limiting the number of privacy disclosures sent out by financial institutions under the CFPB's proposed rule. If an institution meets these requirements, it will be required to send out only an annual notice that a privacy disclosure is available for online viewing. These requirements are as follows:

1. Financial institutions can't be involved in sharing any customer data with external parties that are not directly involved in banking or lending practices. This saves them from triggering what is known as the "opt-out clause," and means they will not have to send a third-party privacy disclosure on a yearly schedule.

2. Similarly, the bank or financial institution must not include the Fair Credit Reporting Act's "opt out" notice anywhere within its privacy statement. This is in line with the request that banks not share consumer data with third-party lenders or other departments.

3. Banks should be willing to provide more frequent notification of the availability of a privacy policy. This might take the form of a brief snippet on a bank statement instead of a separate mailing and full documentation of privacy rules.

4. The privacy policy must remain the same from year to year. If there are any changes to the policy at any time, a full disclosure of the policy and its changes must be mailed to consumers.

5. Banks still must follow the regulations found in "Regulation P" of the Gramm-Leach-Bliley Act as a model for developing their own privacy policy. If they do not comply with this requirement, traditional disclosure rules and mailing requirements will apply.

All told, these newly proposed rules make it easier for banks to notify customers of their privacy rights through smaller, more frequent disclosures in existing e-statement releases or printed materials that are sent out on a routine basis each month. Their goal is to increase awareness of privacy policies, build better online availability of these policies, and encourage banks to save money that will translate directly to a consumer savings. It is this focus on consumer access and easier notification that the CFPB hopes will result in a more consumer-friendly banking and lending environment over the long-term.


Banker Resource