Victoria Daka, Regulatory Compliance Specialist
The NCUA recently issued a regulatory alert notifying credit unions that qualifying credit unions may now provide annual privacy notices required under the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation, Regulation P, by posting information online. This alert is in response to the CFPB’s recently issued final rule.
The GLBA requires financial institutions to provide their customers with annual notice of their privacy policies. The implementing regulation of GLBA, Regulation P, specifically provides ways in which financial institutions may provide this notice, which includes mail, hand delivery and now online for qualifying credit unions.
In order for credit unions to use the new alternative delivery method, they must satisfy the following conditions:
- Not disclose customer’s nonpublic personal information to nonaffiliated third parties except for purposes in which Regulation P draws out a limited exception from the opt-out requirements;
- Not include an “opt out” under the Fair Credit Report Act (FCRA) on the privacy notice;
- Must have previously satisfied the affiliate marketing provisions of FCRA and its implementing regulation, Regulation V, if applicable, or the annual privacy notice is not the only notice provided to satisfy those requirements;
- The information in the most recent privacy notice must remain consistent with previous notices with the exception of eliminating categories of information shared or parties in which the credit union shares customer information with; and
- Must use the form provided in the appendix to Regulation P for the annual privacy notice.
How the new alternative delivery method works:
The final rule permits credit unions to deliver the annual privacy notice on the credit unions’ website, provided the credit union satisfies the above conditions, and provides notice to the customer that the privacy notice is available on the credit unions’ website, compliant with the rules procedures.
The final rule provides an example of a proper disclosure.
Going forward, credit unions may…
- If the credit union elects to employ the new alternative delivery method, it must notify members through a “clear and conspicuous” notice that its privacy notices are now available on the credit unions’ website. However, the credit union must inform members that members reserve the right to continue with the traditional delivery methods of mailing or hand delivery. Credit unions should make this notification available to the member’s account statement or coupon book.
- If the credit union elects to continue delivery of annual privacy notices to customers by the traditional methods of delivery, mailing or hand delivery, it can disregard the above procedures.
To view the NCUA’s Regulatory Alert in its entirety, see here.