CFPB Finalizes the Privacy Notices Rule; Seminar 2014 Wrap and Group Photo; Fall Fun with the Fam
Written by JiJi Bahhur, Director of Regulatory Compliance
On Monday, the CFPB announced that it finalized the privacy notices rule with the intent to promote more effective privacy disclosures from financial institutions to their customers/members. So now the answer to the burning question that so many credit unions have been asking: Does the credit union still need to send annual privacy notices to its members?Â
Short Answer
Yes, the credit union still needs to send annual privacy notices to its members; however, the CFPBâÂÂs final rule allows a credit union to post this annual privacy notice online instead of sending it out individually to members IF certain conditions are met. Â
Long(er) Answer
Under the CFPBâÂÂs privacy notices final rule, credit unions will be able to post annual privacy notices online instead of distributing an annual paper copy to each individual member, if the credit union satisfies the following conditions:
- The credit union does not share its membersâ  nonpublic personal information with nonaffiliated third parties in a manner that triggers Gramm-Leach Bliley Act (GLBA) opt-out rights;
- The credit union does not include on its annual privacy notice information about certain consumer opt-out rights under section 603 of the Fair Credit Reporting Act (FCRA);
- The credit unionâÂÂs annual privacy notice is not the only notice provided to satisfy the requirements of section 624 of the FCRA;
- The information included in the privacy notice has not changed since the member received the previous notice; and
- The credit union uses the model form provided in GLBAâÂÂs implementing Regulation P.
Credit unions that meet the conditions above and that choose to rely on this new method of delivering privacy notices are also required to:
- Convey at least annually on a regular consumer communication, such as a monthly billing statement, that the credit unionâÂÂs privacy notice is available on its website and in paper and will be mailed upon request made to the provided toll-free number. This notice or disclosure would have to also include a specific web address that takes the member directly to the privacy notice;
- Post the credit unionâÂÂs current privacy notice continuously on a page of its website that contains only the privacy notice, without requiring a login or any conditions to access the page; and
- Promptly mail (within 10 days) the credit unionâÂÂs current privacy notice to consumers who request it by telephone.
If the credit union does not meet the conditions above or chooses not to use the new disclosures method, it will need to continue to deliver annual privacy notices to its members using other delivery methods.Â
This blog wonâÂÂt address some of the nitty gritties within each of the conditions above, but I do want to make a few quick mentions:
- While this final rule constitutes an important step to achieving improved annual privacy notice requirements, it is only available to those credit unions that do not share information with nonaffiliated third parties outside of the Regulation P exceptions [Ed. 10/23] . In other words, credit unions that do share information with nonaffiliated third parties cannot take advantage of this final rule.
- NAFCU has long advocated for the elimination of duplicative and costly annual privacy notices. In its comment letter, NAFCU noted that CFPB should not require credit unions to continuously post their privacy notices on their websites. NAFCU argued that this âÂÂcontinuouslyâ verbiage would effectively require that credit unionsâ website remain functional at all times. In the preamble to the final rule, the CFPB discussed NAFCUâÂÂs concerns and emphasized that this requirement âÂÂassumes that financial institutions will post the privacy notice on their websites so that the notice is available but for occasional or unavoidable interruptions, such as routine maintenance or unexpected malfunctions.â  In other words, the credit union will not violate this requirement if its website temporarily malfunctions.
The final rule is available in its entirety here. NAFCUâÂÂs Regulatory Affairs team is working on a summary of the final rule, which when available, will be located here. Also, NAFCUâÂÂs compliance team intends to address this final rule in more depth in near future publications.Â
***
Seminar 2014 Wrap and Group Photo. Last week, NAFCU held its 2014 Regulatory Compliance Seminar. The program contained 4 days of the hottest credit union compliance topics, great speakers, and an amazing group of attendees. Below, IâÂÂve shared a group photo taken during the event.
If youâÂÂre interested in attending Seminar next year, check out some of the details here.
***
Fall Fun with the Fam. I had to sneak this in. ItâÂÂs not often that I can get the entire family to look at the camera at the same time!