
November 09, 2010

Vol. 6.9 Article - The New Model Privacy Notice - Attention to the Details


In October 2006, Congress passed the Financial Services Regulatory Relief Act of 2006, which amended the Gramm-Leach-Bliley Act (GLB) to require the agencies to propose a new format for the privacy notice that is succinct, easy to comprehend, and easy to read. Three years later, after much consumer testing, a new form is born. The new Model Privacy Notice standardizes the format for the required information. Prior to these final rules, financial institutions had latitude in developing their own privacy notice and in use of the sample clauses provided in the regulation. The new standard notice was developed to provide consistent implementation of consumer privacy disclosures. It also permits entities regulated by more than one agency to supply a single privacy notice to all of their consumer account holders. On December 31, 2010, the agencies are eliminating the safe harbor provisions for notices based on sample clauses that are currently in the regulation. After December 31, 2010, the new model form will be the only privacy notice available to financial institutions in order to maintain the safe harbor. The agencies have developed an online form builder tool that facilitates the creation of the new notice, which can be saved as a portable document format (.pdf) file.

Before you begin the task of building the notice, or at least before it is put to use, be sure to pay attention to the details in Appendix A. The final rules require use of the form consistent with its instructions in Appendix A to constitute compliance with the notice requirements. The word “must” appears throughout the document. So, here are some details, a few “musts,” to consider:

• Must be printed in portrait orientation
• Must be printed on white or light colored paper (such as cream)
• Must be printed in an easily readable type font that is a minimum of 10 points
• Must have the last revision date and it “shall” appear in 8-point font
• The bulleted list of types of personal information collected must use the term “Social Security number” in the first bullet and must use five from a prescribed list
• Must provide an accurate “Yes” or “No” response in each section of the “Does it share” column
• Must provide a response of “Yes,” “No,” or “We don’t share” in the “Can you limit sharing” column. Note that if the answer to whether you share is “No,” the response under “Can you limit this sharing” must be “We don’t share”
• For our affiliates’ everyday business purpose – information about creditworthiness – must provide an opt out
• For our affiliates to market to you – must provide an opt out (can be a separate opt out)
• In the definitions section – Must customize the space below the definitions in italicized lettering

There are more “musts,” so we “must” pay attention to these details.

By: Alice Judd, CRP, CRCM
Regional Director, Mid-Atlantic, ICS Compliance
