Victoria Daka, Regulatory Compliance Specialist
The NCUA recently issued a regulatory alert notifying credit unions that qualifying credit unions may now provide annual privacy notices required under the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation, Regulation P, by posting information online. This alert is in response to the CFPB’s recently issued final rule.
The GLBA requires financial institutions to provide their customers with annual notice of their privacy policies. The implementing regulation of GLBA, Regulation P, specifically provides ways in which financial institutions may provide this notice, which includes mail, hand delivery and now online for qualifying credit unions.
In order for credit unions to use the new alternative delivery method, they must satisfy the following conditions:
- Not disclose customer’s nonpublic personal information to nonaffiliated third parties except for purposes in which Regulation P draws out a limited exception from the opt-out requirements;
- Not include an “opt out” under the Fair Credit Report Act (FCRA) on the privacy notice;
- Must have previously satisfied the affiliate marketing provisions of FCRA and its implementing regulation, Regulation V, if applicable, or the annual privacy notice is not the only notice provided to satisfy those requirements;
- The information in the most recent privacy notice must remain consistent with previous notices with the exception of eliminating categories of information shared or parties in which the credit union shares customer information with; and
- Must use the form provided in the appendix to Regulation P for the annual privacy notice.
How the new alternative delivery method works:
The final rule permits credit unions to deliver the annual privacy notice on the credit unions’ website, provided the credit union satisfies the above conditions, and provides notice to the customer that the privacy notice is available on the credit unions’ website, compliant with the rules procedures.
The final rule provides an example of a proper disclosure.
Going forward, credit unions may…
- If the credit union elects to employ the new alternative delivery method, it must notify members through a “clear and conspicuous” notice that its privacy notices are now available on the credit unions’ website. However, the credit union must inform members that members reserve the right to continue with the traditional delivery methods of mailing or hand delivery. Credit unions should make this notification available to the member’s account statement or coupon book.
- If the credit union elects to continue delivery of annual privacy notices to customers by the traditional methods of delivery, mailing or hand delivery, it can disregard the above procedures.
To view the NCUA’s Regulatory Alert in its entirety, see here.
Please clarify how the information provided today in the Blog and the information provided December 31, 2014 in Credit Union Times correspond to one another. The CU Times story says -
Privacy Modernization Bill
The Senate also did not pass the Privacy Notification Modernization Act, which would change the current law that requires an annual privacy notification be sent to members. If the bill had become law, a credit union would only need to send a privacy notice to members if there has been a change in language from the previous year. CUNA and NAFCU supported the bill, saying it would reduce expenses for credit unions.
“The Senate privacy notice bill (S. 635) has over 70 cosponsors, which speaks for itself and should be a good candidate to move next Congress,” Jillian Pevo, NAFCU director of legislative affairs, said.
Posted by: DJ | January 12, 2015 at 10:37 AM