Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers.  Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the company’s information-sharing practices.  While anything is possible in Washington, particularly in a Presidential election year, the expectation is that this bill is unlikely to progress to enactment.

Under H.R. 5817, a financial institution would not be obligated to provide customers with an annual privacy notice so long as the company shares information only in certain limited respects (that are narrower than those permitted under federal law) and provided that the company has not changed its privacy policies or practices from those disclosed in its most recent privacy notice.  Specifically, the carve-out would only be available to those financial institutions that do not share information in either of the following respects:

  • with affiliates, even to the extent permissible under the Fair Credit Reporting Act; or
  • with unaffiliated third parties, except as authorized under certain “exceptions” to sharing under GLBA, such as those that contemplate disclosures to service providers, law enforcement, or as necessary to fulfill a transaction requested by the customer.  In the absence of an available exception, GLBA generally permits financial institutions to share nonpublic personal information with unaffiliated third parties only to the extent that the financial institution has provided the customer with a reasonable opportunity to opt out of the sharing of the information.

Whereas GLBA defines financial institutions subject to its notice obligations broadly, H.R. 5817 also would carve out certain state-licensed financial institutions that are “subject to existing regulation of consumer confidentiality that prohibits disclosure of nonpublic personal information without knowing and express consent of the consumer.”  Insurance companies and money transmission services are among the financial institutions that typically are licensed by state authorities.

Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.