FTC, FDIC, SEC, CFTC, NCUA, OTS, Federal Reserve and Comptroller Seek Comment on Model Gramm-Leach-Bliley Privacy Notice
Posted by Ronald London
Eight federal regulatory bodies have come together to jointly initiate a new rulemaking that seeks comment on proposed rules that would adopt a model privacy form for financial institutions to use as the notice that the Gramm-Leach-Bliley Act (GLBA) requires them to provide new customers and to existing customers on an annual basis. The GLBA requires the notice to set forth the institution’s information sharing practices and the consumer’s right to opt out of certain types of such information sharing. The notice of proposed rulemaking (NPR) is the first step in implementing Section 728 of the Financial Services Regulatory Relief Act of 2006, which amended the GLBA to require the agencies to adopt a privacy notice form that is succinct and comprehensible to consumers, allows them to compare easily the privacy practices of financial institutions, and can be easily read.
The new form jointly proffered by the Federal Reserve System’s Board of Governors, the Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Federal Trade Commission, Securities Exchange Commission, National Credit Union Administration, and Offices of the Comptroller of the Currency and of Thrift Supervision, is embedded in and can be viewed as part of the NPR. Comments are due sixty days after the NPR appears in the Federal Register on May 29, 2007.
The model privacy form the agencies ultimately adopt will serve as a “safe harbor” that financial institutions may use to provide disclosures under the privacy rules, and would supplant – and strip safe harbor treatment currently afforded to – sample privacy notice clauses found in most of the agencies’ rules (a one-year “transition period” will be afforded financial institutions using notices based on the current rules). The agencies claim the proposed model form is a “prototype privacy notice” developed after a year-long testing process with consumers. The model and rules adopting it would specify how many pages the notice should cover, type size, line spacing, font, and layout, among other specifics.
The NPR proposes printing each page of the model form on one side of an 8.5” x 11” nonglossy page so that each can be viewed simultaneously, and the use of white or light-colored paper with black or suitably contrasting color ink. The NPR states that financial institution that will use the model form will be able to include corporate logos so long as they does not interfere with the form’s readability, and the Agencies seek comment on other formats that may achieve readability and ease-of-use. The form and NPR also provide sample clauses of language that will satisfy GLBA requirements. The NPR seeks comment on all aspects of the model form, including its content and format and whether it provides sufficient flexibility for financial institutions to disclose their sharing practices accurately.
