Federal agencies have already adopted the new Model Privacy Notice forms for compliance with the Gramm-Leach Bliley Act (GLBA) and its implementing regulation, the FTC’s Financial Privacy Rule. However, starting on January 1, 2011, “financial institutions” subject to the GLBA will have to use new model privacy forms if they want to take advantage of a “safe harbor” for compliance with requirements for providing initial and annual privacy notices to customers. The Model Privacy Notice replaces the Sample Clauses, which appear in Appendix B to the Privacy Rule and, as of now, provide the safe harbor for compliance. As a result, organizations (banks, debt collectors, credit counseling agencies, etc.) will need to update their privacy notices in order to rely on the safe harbor.
The new model privacy notices are intended to be more comprehensible to consumers, with a clear format and design, provide clear and conspicuous disclosures, and have an easy-to-read font. There are three Model Privacy Notice forms. The first does not provide an opt-out. The second provides an opt-out by telephone and internet, and the third provides an opt-out with a mail-in form. Each Model Privacy Notice form consists of two pages, and may be printed on either two separate sheets of paper or on both sides of a single sheet.
IA professionals may want to take note: Entities that have been using the previous safe harbor language likely will want to revise the text and format of their initial and annual privacy notices in order to take advantage of the new safe harbor to satisfy the GLBA’s disclosure requirements. Fortunately, the federal government has released a form builder tool that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice.