Amendment to the Annual Privacy Notice Requirement Under the Gramm-Leach-Bliley Act (Regulation P)
In July 2016 the Bureau proposed to update Regulation P to implement a December 2015 statutory amendment to the Gramm-Leach-Bliley Act. This rule finalizes that proposal. The rule provides an exception under which financial institutions that meet certain conditions are not required to provide annual privacy notices to customers. To qualify for this exception, a financial institution must not share nonpublic personal information about customers except as described in certain statutory exceptions. In addition, the rule requires that the financial institution must not have changed its policies and practices with regard to disclosing nonpublic personal information from those that the institution disclosed in the most recent privacy notice it sent. As part of its implementation, the Bureau is also amending Regulation P to provide timing requirements for delivery of annual privacy notices in the event that a financial institution that qualified for this annual notice exception later changes its policies or practices in such a way that it no longer qualifies for the exception. The Bureau is further removing the Regulation P provision that allows for use of the alternative delivery method for annual privacy notices because the Bureau believes the alternative delivery method will no longer be used in light of the annual notice exception.