The Consumer Financial Protection Bureau has issued this final rule concerning the requirement that financial institutions provide an annual disclosure of their privacy policies to their customers. In some situations, financial institutions will be able to post the information online rather than provide them individually to customers, but only if the institution informs consumers annually about the availability of the online disclosures. Here's how the CFPB summarizes the key attributes of the new rule:
- Constant access to privacy policies: Previously, consumers would receive a copy of their financial institution’s privacy policies once per year. If financial institutions choose the new alternative delivery method, consumers will be able to view their institution’s privacy policies at any time, while still receiving notices through existing delivery methods if the policies’ terms change. The online privacy notices will not require a login to view. For those customers with limited or no internet access, financial institutions will have to mail annual notices within 10 days to customers who request them by phone.
- Limited data sharing: If an institution shares data with unaffiliated third parties in a way that triggers customers’ rights to opt out of such sharing, then that institution generally would not be allowed to use the alternative delivery method. For this reason, financial institutions have an incentive to limit their sharing to reduce their costs.
- Educating consumers: When financial institutions post their privacy policies on their websites using the new delivery method, they must use the model disclosure form designed by federal regulators. The model disclosure form allows consumers who are concerned about their personal information to easily understand their financial institution’s privacy policy. Consumers can thus better educate themselves about the various types of privacy policies.
- Cheaper for companies to notify consumers of privacy practices: The CFPB anticipates that the rule will reduce the cost for companies to provide annual privacy notices. The Bureau estimates that about $17 million could be saved by the industry annually if institutions choose the new online disclosure method.
