Joint Comment Letter to CFPB re Regulation P, privacy provisions of Gramm-Leach-Bliley

Dear Ms. Jackson:

The American Bankers Association (ABA), the Consumer Bankers Association (CBA), the Financial Services Roundtable (FSR),3 the Independent Community Bankers of America (ICBA) and the Securities Industry and Financial Markets Association (SIFMA) (collectively, “the Associations”) appreciate the opportunity to comment on the notice issued by the Consumer Financial Protection Bureau (CFPB or Bureau) proposing to amend Regulation P (Proposal), the rule which implements the consumer privacy provisions of the Gramm-Leach-Bliley Act (GLBA). The Proposal is intended to provide more effective and efficient disclosures to consumers while alleviating unnecessary regulatory burden. The Associations support the purpose of the change but believe that the Proposal falls short of its intended goal and we urge the CFPB not to adopt it as proposed. Instead, we encourage the Bureau to provide what consumers need and want: information about how their personal data is collected and shared and, when the right to opt-out exists, a convenient way to exercise that right.

Regulation P currently requires financial institutions to provide an annual disclosure of their privacy policies to their customers. Our members’ customers complain about being confused and annoyed because year after year they are inundated with written privacy notices when nothing has changed. For our members, mailing notices every year under these circumstances is a costly and unnecessary burden. When the CFPB indicated its consideration to streamline the annual notice requirement, we and our members hoped the Bureau would take the dysfunctional nature of the current process into account. We also hoped that the CFPB would consider the impact of the digital revolution on the consumer financial services marketplace.

While the Proposal would create an alternative method for delivering the annual privacy notice, the alternative is so circumscribed that it has very little practical value to consumers or financial service providers. As discussed below, the Associations strongly urge the CFPB to eliminate the annual notice as superfluous where there is no sharing under either GLBA or Fair Credit Reporting Act (FCRA) that would require the institution to offer customers an opt-out.

To be eligible to take advantage of the CFPB’s proposed alternative delivery method, a financial institution must not have changed its information sharing practices, must only share information in accordance with one of the statutory exceptions, and must post its privacy notice online. Furthermore, the online notice option would only be available to institutions that do not share data with either affiliates or unaffiliated third parties in any manner that triggers customers’ rights to opt-out of such sharing, while strictly adhering to the model form. Financial institutions eligible for the online notice option would still be required to provide the GLBA privacy notice to any customer on request.


To read the full Comment Letter, please download the PDF.