Legislation to Exempt Financial Firms from Providing G-L-B Act Privacy Notifications if No Change Is Debated in the House

A bill to amend the privacy provisions of the Gramm-Leach-Bliley Act to exempt financial institutions from providing an annual privacy notice if they have not changed their privacy policies in the last year was debated in the House, but a vote on the measure was postponed. Introduced by Rep. Blaine Luetkemeyer (R-MO), the Eliminate Privacy Notice Confusion Act, H.R. 5817, is designed to reduce an unnecessary burden facing consumers and financial institutions alike. The bill also would eliminate the annual privacy disclosure for state licensed financial institutions that are subject to state privacy protection laws or regulation, or that become subject to such regulation in the future. The amendments are to Section 503 of Gramm-Leach-Bliley, dealing with disclosure of a financial institution's privacy policy. Section 509 defines financial institution to include firms engaged in securities underwriting, dealing and market making, as well as those providing financial or investment advisory services and advising an investment company.

The bill has strong bi-partisan support. For example, Rep. Brad Sherman (D-CA) called the measure common sense legislation that makes a minor change to federal law to revise a very costly and unnecessary requirement that financial institutions send each of their customers a copy of their privacy policy every year, even when that policy hasn't changed from the prior year when they got the same exact privacy notification. (Cong. Record, Dec. 3 2012, H6581)

Under current law, financial institutions of all sizes are required to provide annual privacy notices explaining information sharing practices to all customers. Financial firms are required to give these notices each year even if their privacy policies have not changed in the slightest. According to Rep. Luetkemeyer, this creates not only waste for financial institutions, but confusion among consumers, as well as increased indirect cost to consumers. (Cong. Record, Dec. 3 2012, H6581)

Rep.Shelley Moore Capito (R-WV), Chair of the Financial Institutions Subcommittee, noted that these annual mailings cost millions of dollars each year and do not provide consumers with new information if the financial institutions have not changed their practice. The legislation will require a financial institution to provide annual privacy notices only if they have changed privacy policies that affect the customer. This is an important, commonsense bill, said the Chair, that will provide further clarity to customers and consumers and eliminate an unnecessary regulatory burden for financial institutions. (Cong. Record, Dec. 3 2012, H6581)

Rep. Sherman noted that the changes will help consumers because, by sending out less, the financial firms will attract attention to those situations where there's been a change in the privacy policy. As a result of the legislation, consumers will know that the privacy notices that arrive in their mailbox actually require their attention. And financial institutions that have been spending millions of dollars to mail out duplicative notices and redundant notifications each year can redirect those savings back to providing for the consumer, to their community, or to loans to help the economy grow.  (Cong. Record, Dec. 3 2012, H6581)

Similarly, Rep. Luetkemeyer said that H.R. 5817 would eliminate millions of costly, confusing, and often ignored mailings that cost millions of dollars to produce each year. And with passage of this bill, information included in these mailings would likely be more significant to the consumer because they would only come after a change in the privacy policy. (Cong. Record, Dec. 3 2012, H6581)

The sponsor assured that the legislation specifically ensures that a financial institution cannot be exempted from annual privacy notices if that institution changes in any way its policies or practices related to the disclosure of nonpublic personal information.

The legislation is supported by Independent Community Bankers of America, the Credit Union National Association, the American Bankers Association, and the National Association of Federal Credit Unions, among others.

But the measure is opposed by the House Privacy Caucus, co-chaired by Rep. Joe Barton (R-TX) and Rep. Ed Markey (R-MA). Rep Barton said that existing privacy protections should not be given up. The bill would eliminate a requirement of notification, which is not the same as reducing the privacy that is in the law, conceded Rep. Barton, but ``when you start down that slippery slope where you know that you don't have to notify of privacy protection,’’ he emphasized, the next step is to not even have privacy at all. (Cong. Record, Dec. 3 2012, H6582)

Rep. Sherman noted that consumers are going to get notification of what the privacy rules are when they start with the financial institution and they are going to get notified every time the firm makes a change, and they are going to be notified any time of the night or day when they simply go onto the website of the firm and look at the required privacy notification. (Cong. Record, Dec. 3 2012, H6582)

When Gramm-Leach-Bliley was passed, he said, not everybody had access to the Internet. Today, a much larger percentage of people are familiar with the Internet, have access to the Internet, and know that if they want to see the privacy notification, the privacy rules of their financial institution, it's there on the Internet in a way that most people are going to have easy access to.

Rep. Sherman said that he would be happy to co-sponsor legislation to require an email notification once a year to every customer willing to provide their email address to the financial institution.