Mailboxes once were full of junk mail, but much of that went away when the Direct Marketing Association let consumers opt out of unsolicited commercial mailers. Banks and credit card issuers, however, have been required for the past decade to mail their customers annual privacy notices. In an interesting twist, a proposed CFPB proposal would make much of that often-unread paper simply disappear from mailboxes altogether.
They’ve done it with those bulky stock prospectuses, so why not cut back on mailings of annual privacy notices from financial institutions. After all, it could save the institutions a combined $17 million yearly.
There’s a good chance it might just happen. A really good chance.
Last week, the Consumer Financial Protection Bureau proposed a new rule designed to make privacy disclosures for financial institutions more effective, and less expensive and tedious. Instead of mailing out the notices each year to perhaps millions of customers, card issuers and other financial organizations within the bureau’s jurisdiction may post the notices online.
But they may only do so if they satisfy certain conditions, such as not sharing data in ways that would trigger consumers’ opt-out rights, according to the CFPB.
“Consumers need clear information about how their personal information is being used by financial institutions,” bureau Director Richard Cordray said in a statement. “This proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures.”
The proposal would apply to both banks and those nonbanks that are within the CFPB’s jurisdiction. The bureau will make the proposal available for public comment for 30 days.
Under the Gramm-Leach-Bliley Act of 1999, financial institutions became required to send annual notices to their customers describing whether and how they share consumers’ nonpublic personal information, effective July 2001. If the institution shares this information with an unaffiliated third party, it typically must notify consumers of their right to opt out of the sharing and inform them of how to do so.
The act, however, does not stop an institution from providing personal information to outside companies and organizations, according to the Federal Deposit Insurance Corp. (FDIC). Such instances, for example, can be when the information is used to market the institution’s own products or services; promote certain products or services jointly with another financial institution; or enable a third party to help conduct normal business for the institution, such as handling data processing for accounts or mailing account statements, the FDIC says on its website.
In addition, the Fair Credit Reporting Act (FCRA) allows an institution to share with affiliates (other parts of the same corporate family) certain information based on customers’ transactions with the institution, and the customer may not have the option to opt out.
For example, according to the FDIC, a bank can tell an affiliated brokerage firm that a customer has a certificate of deposit about to mature, so it can offer the individual an investment alternative. The consumer’ bank, however, cannot provide an affiliate with personal information, such as from a credit report or loan application unless the individual is given a chance to opt out. That’s because that information is not based solely on transactions conducted with the bank.
The CFPB’s proposal would apply to both banks and those nonbanks that are within the bureau’s jurisdiction under the act. Institutions choosing to use the new method to deliver privacy notices would have to use the model disclosure form federal regulatory agencies developed in 2009.
Moreover, institution qualified for and wanting to rely on the online disclosure method would have to inform consumers annually about the availability of the disclosures. Currently, institutions must send consumers a separate communication about privacy disclosures.
But under the bureau’s proposed rule, they may insert the communication about online access to the privacy disclosures in regular consumer communication, such as a monthly billing statement for a credit card. They also must let them know they may receive the disclosure in a paper form by request at a toll-free telephone number.
Institutions choosing not to use the online disclosure method would simply continue to deliver annual privacy notices via mail to their customers.
As the CFPB sees it, its proposed rule offers several benefits: