By: Ashley Elmore Drew, Esq. and Jacob Boehner, Esq.
This has been an exciting year in the world of privacy law! With the European Union breaking new ground with the General Data Protection Regulation, California following close behind with the passage of the California Consumer Privacy Act, and Vermont amending its rules, the compliance officers and lawyers of the world are hard at work parsing the voluminous codes, attempting to ascertain applicability and operationalization. Not to be outdone, the Consumer Financial Protection Bureau (“CFPB”) caught up to its 2015 mandate and finally published the final rule amending Regulation P, which implements the Gramm-Leach-Bliley Act (“GLBA”). Back in 2015, the Fixing America’s Surface Transportation Act (“FAST Act”) amended the GLBA, providing for an exception to the annual privacy notice requirement and requiring the CFPB to promulgate a corresponding rule. The new rule becomes effective September 17, 2018.
Under the CFPB’s new rule, financial institutions do not have to send an annual privacy notice where: (1) the financial institution only shares nonpublic personal information (“NPI”) with nonaffiliated third parties to the extent that it does not trigger consumer opt-out rights under the GLBA; and (2) the financial institution has not changed its policies and procedures related to disclosing NPI from the most recent version of the privacy notice sent to customers. Further, the rule provides timeframes by which financial institutions that no longer qualify for the exception must provide updated notice. Where a formerly-qualified financial institution subsequently amends its privacy policies in such a way that requires it to provide a revised policy to customers and it no longer qualifies for the exception, the revised notice will be treated as an initial notice and the institution may resume providing the annual notice from then on. However, if the formerly-qualified financial institution changes its policies such that it is no longer qualified, but not to the extent that it is required to provide a revised privacy notice, the institution must deliver the annual notice within 100 calendar days of the change in policy.
Because a financial institution that meets the conditions for alternative delivery methods will meet the conditions for the exception in the final rule, the CFPB has removed section 1016.9(c)(2), eliminating the alternative delivery method for annual notices. In footnote 30 of the final rule, the CFPB states that a financial institution will not jeopardize the availability of the exception by providing a privacy notice to a consumer, such as upon the consumer’s request. This is good news for organizations that look to take a measured approach to change.
It is more important than ever for financial institutions to implement and maintain a consistent change management protocol. With the state privacy laws changing rapidly, financial institutions should closely evaluate the latent consequences of altering their privacy notice procedures.
For more information, please reach out to Ashley Elmore Drew at Ashley.ElmoreDrew@gmlaw.com or Jacob Boehner at Jacob.Boehner@gmlaw.com.
*The information in this article is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this post should be construed as legal advice from Greenspoon Marder LLP or the individual author(s), nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.