On December 4, 2015, President Obama signed into law legislation that eliminates the need to provide annual Gramm-Leach-Bliley Act (“GLBA”) privacy notices for some financial institutions. The law effecting this change is found in Section 75001 of a major transportation funding bill, the Fixing America’s Surface Transportation Act (the “FAST Act”), Pub. L. No. 114-94.
Section 75001 of the FAST Act amends GLBA to provide that a financial institution will not be required to provide an annual privacy notice to its customers so long as it (a) shares nonpublic personal information with third parties only in accordance with the GLBA exceptions that allow such sharing without having to offer an opt-out and (b) has not changed its policies and practices with regard to sharing nonpublic personal information from those disclosed in its most recent GLBA privacy notice. This change applies to financial institutions that are regulated at the federal level with respect to GLBA privacy and data security requirements.
Section 75001 is effective as of December 4, 2015 and follows closely on regulatory initiatives by the Consumer Finance Protection Bureau and Federal Trade Commission to expand the circumstances under which financial institutions that meet certain conditions may deliver annual GLBA privacy notices by posting them on the financial institution’s website.
Insurers, insurance agents and others persons and entities licensed by state insurance regulators will not be immediately affected by Section 75001 or the federal regulatory initiatives concerning online privacy notices. State action will be necessary to apply these changes to companies and individuals licensed by state insurance regulators. Morris, Manning & Martin will be monitoring developments in this area.