An amendment to the Gramm-Leach-Bliley Act ("GLBA") that was signed into law December 4, 2015, takes effect immediately and provides a new exception to the annual privacy notice requirement under GLBA. The existing language in GLBA requires financial institutions to provide their customers with initial and annual privacy notices regarding their privacy policies and information-sharing practices.

Section 75001 of the Fixing America's Surface Transportation Act (the "FAST Act") amends Section 503 of the GLBA by adding an exception to the requirement that financial institutions send annual privacy notices. The exception states that a financial institution is not required to provide an annual privacy notice if it:

  1. only shares nonpublic personal information ("NPI") with nonaffiliated third parties in a way that does not require the financial institution to provide an opt-out right to customers; and
  2. has not changed its policies and procedures with regard to disclosing NPI since it last sent the privacy notice to its customers.

This comes a little more than a year after the Consumer Financial Protection Bureau ("CFPB") amended Regulation P, which implements the GLBA to permit financial institutions to post privacy notices online in lieu of sending them to customers if certain conditions are met. This change provided financial institutions the potential to save significant posting, printing, and administration costs involved in sending out the annual privacy notices each year.

Even after this latest statutory change, financial institutions are still required to provide initial privacy notices. Also, if a financial institution later decides to disclose NPI in a way that requires the financial institution to provide an opt-out to its customers, the institution would then be required to send an updated privacy notice to all of its customers.

What This Means for You:

Financial institutions, especially those preparing to send their annual privacy notices at the beginning of 2016, should examine their privacy policies to determine whether they qualify for the new exception created under the FAST Act. Dykema's bank regulatory and operations lawyers counsel on GLBA and Regulation P and prepare privacy notices for many of our financial institutions clients. We are happy to counsel on the nuances and potential cost savings regarding this recent change in law.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.