Essentially, an institution cannot engage in information sharing practices that require it to have an opt-out within its Privacy Notice. If you provide an opt-out under the Affiliate Marketing Rule on your Privacy Notice, you must also have provided the Notice and opt-out previously or provide it separately from your Privacy Notice as well. In addition, the model Privacy Notice must be used and there cannot have been any substantive changes required to the Notice (concerning information sharing or safeguarding practices) since it was last delivered.
Eligible institutions wishing to take advantage of this alternative annual notification generally need to:
- Ensure a Privacy Notice is clearly and conspicuously posted on its website without the need for a login or other agreement.
- Mail Privacy notices within 10 days of a phone request.
These changes became effective upon publication in the Federal Register on October 28, 2014. This should give many banks the ability to forgo an annual privacy mailing. That’s good news! Just make sure that everyone involved knows and understands the conditions and requirements. We will have more information in our November newsletter (available November 1st).