On April 15, 2010, the Federal Trade Commission, the Federal Reserve Board, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the Securities and Exchange Commission (Agencies) released an online form builder for the new Gramm-Leach-Bliley Act (GLB) safe harbor privacy notices. The Agencies developed the online form builder in conjunction with the Agencies’ December 2009 release of model GLB safe harbor form privacy notices. The online form builder allows entities to download a PDF version of the model forms with fillable fields. Entities can complete the fields and print a completed notice. If properly completed, the model forms provide safe harbor protection for the GLB privacy notice requirement.
The online form builder is intended to be fool-proof. But it won’t work for everyone. For those who can use the online form builder, consider the following tips that will help you create your new, compliant privacy notice:
Choose the correct form. There are four different forms from which to choose. If you do not offer an opt-out, you must use the form that does not have an opt-out. Also, note that the online form builder does not include a mail-in opt-out form. If you want to accept opt-outs by mail, you must develop your own form.
Follow directions. When completing the form using the online form builder, be sure to reference the instructions provided by the Agencies. Simply using the online form builder is not enough to secure safe harbor protection. The forms must be completed properly in accordance with the instructions.
Financial institution name. When completing the blanks for the name of the financial institution, use the name that customers know. For instance, if you use a d/b/a on all of your marketing materials and contracts, the form should be completed to indicate that the d/b/a name is providing the notice. You must then disclose the corporate name on page 2 of the form.
Fill in all of the blanks. If you leave any portion of the form empty (except for the “Other information” box), you will lose safe harbor protection. If there are items that do not seem to apply, you may be using the incorrect version of the privacy notice.
“To Limit Our Sharing.” In this table, there is a place for the financial institution to indicate the number of days after which it may begin sharing customer information. This timeframe must be at least 30 days from the date the notice is sent to the customer.
“Questions?” In this field, the financial institution must provide customer service contact information. Be sure that any telephone number or website listed includes customer service information.
Although the online form builder will undoubtedly make compliance with the new GLB notice requirements easier, financial institutions still need to be sure that the ultimate form accurately reflects information sharing practices. There is no one-size fits all. The online form builder can be found at http://www.federalreserve.gov/bankinforeg/privacy_notice_instructions.pdf.
Meghan Musselman is an associate in the Maryland office of Hudson Cook, LLP. Basis Points readers can reach Meghan at 410-865-5403 or by email at mmusselman@hudco.com.