Bi-partisan legislation has been introduced in the Senate to amend the privacy provisions of the Gramm-Leach-Bliley Act to exempt financial institutions from providing an annual privacy notice if they have not changed their privacy policies in the last year and the firm otherwise provides customers access to such most recent disclosure in electronic or other form permitted by regulation. The Privacy Notice Modernization Act, S. 635, was introduced by Rep. Sherrod Brown (D-OH) and co-sponsored by Senators Pat Toomey (R-PA). Mike Johanns (R-NE), and Mark Warner (D-VA).
A companion bill, Eliminate Privacy Notice Confusion Act, H.R. 749, passed the House by voice vote in March. The Senate bill differs from the House bill in that H.R. 749 does not condition the exemption on the firm otherwise providing customers access to the most recent privacy disclosure in electronic form.
The amendments effected by the legislation are to Section 503 of Gramm-Leach-Bliley, dealing with the disclosure of a financial institution’s privacy policy. Section 509 defines a financial institution to mean any institution the business of which is engaging in financial activities as described in Section 4(k) of the Bank Holding Company Act, which includes securities underwriting, dealing and market making, as well as providing financial, investment or economic advisory services and advising an investment company.
Under current law, financial institutions of all sizes are required to provide annual privacy notices explaining information sharing practices to all customers. Financial firms are required to give these notices each year even if their privacy policies have not changed in the slightest.