Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers.  Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the company’s information-sharing practices.  While anything is possible in Washington, particularly in a Presidential election year, the expectation is that this bill is unlikely to progress to enactment.

Under H.R. 5817, a financial institution would not be obligated to provide customers with an annual privacy notice so long as the company shares information only in certain limited respects (that are more narrow than those permitted under federal law) and provided that the company has not changed its privacy policies or practices from those disclosed in its most recent privacy notice.   Specifically, the carve-out would only be available to those financial institutions that do not share information in either of the following respects:

  • with affiliates, even to the extent permissible under the Fair Credit Reporting Act; or
  • with unaffiliated third parties, except as authorized under certain “exceptions” to sharing under GLBA, such as those that contemplate disclosures to service providers, law enforcement, or as necessary to fulfill a transaction requested by the customer.  In the absence of an available exception, GLBA generally permits financial institutions to share nonpublic personal information with unaffiliated third parties only to the extent that the financial institution has provided the customer with a reasonable opportunity to opt out of the sharing of the information.

Whereas GLBA defines financial institutions subject to its notice obligations broadly, H.R. 5817 also would carve out certain state-licensed financial institutions that are “subject to existing regulation of consumer confidentiality that prohibits disclosure of nonpublic personal information without knowing and express consent of the consumer.”  Insurance companies and money transmission services are among the financial institutions that typically are licensed by state authorities.

Tags: Financial Institutions, GLBA, Insurance, Legislation, Privacy Notice
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less