Regulators issue standardized privacy notice form for GLBA compliance

Model form aims to make it easier for consumers to understand banks' privacy policies and help financial institutions meet GLBA requirements

Federal regulators on Tuesday released a standardized form designed to make it easier for consumers to understand financial institutions' privacy policies.

Banks and other financial-services firms are required by the Gramm-Leach-Bliley Act (GLBA) to notify consumers about how they share nonpublic personal information with affiliated and nonaffiliated third parties. The privacy notices also must inform consumers of their right to opt out of certain sharing practices.

But the GLBA requirements didn't prescribe a specific format for the notices, and since 2001, when banks needed to comply with the rule, many notices to consumers have been long and complex, according to federal regulators. Formatted in various ways, the notices make it hard to compare privacy policies, regulators said in a document detailing the privacy form and its development.

The standardized form, released by eight agencies including the FDIC, SEC, and the National Credit Union Administration, aims to make it easy for consumers to compare the privacy practices of different financial institutions. The model is a result of the Financial Services Regulatory Relief Act of 2006, which amended GLBA to require federal regulators to develop a succinct and easy-to-read form.

Financial institutions are not required to use the form, but those that do will obtain a "safe harbor" and satisfy GLBA's requirements for privacy policy disclosure, regulators said. With the new form, regulators plan to end safe harbor after Jan. 1, 2012 for notices based on the sample clauses previously included in agencies' privacy rules.

Regulators said new financial institutions could benefit by using the form because it would save them time and resources in developing their own notices.

Robert Rowe, vice president and senior counsel at the Washington, D.C.-based American Bankers Association, said the ABA is still reviewing the new form. "There are certain benefits to it," he said, but added, "The greatest value isn't necessarily a one-size-fits-all safe harbor."

Many banks are about to send out notices, so the industry won't see much change right away, he said. "Smaller institutions will gravitate toward the model more quickly. Larger institutions like to put their own stamp on things," Rowe said.

Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, a San Diego, Calif.-based consumer nonprofit organization, said the standardized notice is an improvement over the privacy notices many companies send now.

"We've found that most existing privacy policies are practically indecipherable to consumers," he said. "Most look at them, their eyes glaze over and they toss them out without reading them."

Presenting privacy policies in a more user-friendly format will make it easier for consumers, Stephens said, but added that it's important to note that the model form isn't mandatory for institutions to use.

"It remains to be seen to what extent the financial-services industry will embrace the model notices when they issue their privacy policies," he said.
