By Ani Gevorkian
Under the Gramm-Leach-Bliley Act (GBLA), a financial institution generally must send annual privacy notices to customers that describe whether and how the financial institution shares their nonpublic personal information. An institution that shares this information with unaffiliated third parties generally must notify customers of their right to opt out of the sharing and provide instructions on how to do so.
Under the new rule, a financial institution may meet GBLA requirements by posting privacy notices online instead of distributing an annual paper copy, as long as the institution adheres to certain requirements. For instance, the institution may not share data in ways that trigger customers’ opt-out rights. They must also continue to send notices through existing delivery methods if the policies’ terms change or if a customer with limited internet access requests by phone to receive a notice.
Continue Reading CFPB Finalizes Rule to Allow Online Privacy Disclosures from Financial Institutions