Annual Privacy Notices May be Posted Online Under Certain Circumstances

Originally posted November 12, 2014

The CFPB has amended Regulation P, which requires, among other things, that financial institutions provide an annual disclosure of their privacy policies to their customers. So long as certain requirements are met, the amendment allows annual disclosures to be posted online, saving your Credit Union or CUSO time and money.

Under the new rule, instead of mailing the annual privacy notice, the financial institution can post the annual privacy notice continuously on its Web site in a clear and conspicuous manner. To make customers aware that its annual privacy notice is available through these means, the institution must convey this fact annually on an account statement, coupon book, or any other notice or disclosure the institution issues under any provision of law.

Financial institutions may post the annual privacy notice online, in lieu of mailing, if: (1) no Gramm-Leach Bliley Act opt-out rights are triggered by the financial institution’s information sharing practices; (2) it does not include on its annual privacy notice the opt-out required to share information about credit worthiness with affiliates for their everyday business purposes; (3) the requirements to share information with affiliates so that affiliate may market to the customer have previously been provided, if applicable, or the annual privacy notice is not the only notice provided to the customer; (4) the information included in the privacy notice has not changed since the customer received the previous notice; and (5) the financial institution uses the model form provided in Regulation P as its annual privacy notice.

Financial institutions must continue to mail the annual privacy notice to customers if these requirements are not met or if the customer makes such a request via telephone.

If you have any further questions on this new rule please email Amanda Smith ( or Jennifer Winston (