The Consumer Financial Protection Bureau is moving to promote privacy.
The agency proposed a rule earlier this week that would allow financial firms to post annual privacy notices online -- if they limit their sharing of customer data.
Financial institutions are currently required under the Gramm-Leach-Bliley Act, or GLBA, to send annual privacy notices via snail mail to consumers. Firms that trigger consumer opt-out rights will still have to send mailers every year under the new proposal. Opt-out rights are triggered when a bank, for instance, shares nonpublic personal information with an unaffiliated third party, such as a credit monitoring or payment protection insurance provider.
Firms that take the CFPB up on its offer would be required to use the model disclosure form federal regulatory agencies developed in 2009. They also have to notify customers annually that the online firm is available, but these notices can be included in other mailers, such as a billing statement.
"This proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures,” said CFPB Director Richard Cordray in a press release.
The move: A big win for everyone involved?
"It's a total waste of money [for financial firms] to send these notices every year," says Rick Fischer, senior partner at law firm Morrison & Foerster LLP, which represents banks and other financial services companies. "In fact, it's counterproductive because the more notices a consumer receives, the less they pay attention to them."
According to Fischer, a majority of financial institutions, including the very large ones, are already no-share institutions. He believes the CFPB's proposal could inspire more firms to join the fray, as long as the agency clarifies whether slight modifications can be made to the aforementioned model privacy disclosure.
That's "the fly in the ointment," he says, since banks are in the habit of tweaking this form for legal purposes.
The CFPB's new rule will be open to comments for 30 days after its publication in the Federal Register.
Do you read your bank's annual privacy notices? Do you think it would be more helpful if they were posted online? Let us know in the comments below!
Follow me on Twitter: @JeanineSko.