Memo #29532

Congress Revises Annual Privacy Notice Requirement


December 8, 2015

TO: SEC RULES MEMBERS No. 62-15
PRIVACY ISSUES WORKING GROUP No. 2-15
SMALL FUNDS MEMBERS No. 47-15
TRANSFER AGENT ADVISORY COMMITTEE No. 60-15
OPERATIONS MEMBERS No. 30-15

RE: CONGRESS REVISES ANNUAL PRIVACY NOTICE REQUIREMENT

Congress recently enacted H.R. 22, the Surface Transportation Reauthorization and Reform Act of 2015. This bill was signed into law by President Obama on December 4, 2015. Section 75001 in Title LXXV of the bill revises the privacy provisions in Section 503 of the Gramm-Leach-Bliley Act (the “Act”) to provide an exception to the Act’s annual privacy notice requirement. As revised, Section 503 now includes a new subsection (f) that reads as follows:

(f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.—A financial institution that—

(1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and

(2) has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section,

shall not be required to provide an annual disclosure under this section until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2). [*]

Accordingly, effective December 4, 2015, SEC registrants that are subject to Regulation S-P may cease sending annual privacy notices provided that, as noted in Section 75001, the registrant has been in compliance with Sections 502(b) and (e) of the Act (and the SEC’s rules thereunder) and the registrant’s policies and practices regarding the sharing of non-public personal information have not changed since it last provided a notice to customers.

Tamara K. Salmon
Associate General Counsel

endnotes

 [*] As you may recall, Section 502(b) of the Act governs sharing non-public personal information with non-affiliated third parties for such parties to perform services or functions, including marketing, if such sharing is disclosed to consumers and the financial institution enters into a contractual agreement with the third party that requires it to maintain the confidentiality of the information. The SEC codified this provision in Section 248.13 of Regulation S-P. Section 502(e) of the Act governs the general exceptions under which information may be shared without having to provide customers an opt-out (e.g., for servicing a transaction requested by the customer). The SEC codified these exceptions in Section 248.14 of Regulation S-P. Section 504(b) of the Act authorizes agencies adopting rules under the Act to promulgate additional exceptions to the Act’s provision. The SEC has adopted additional exceptions in Section 248.15 of Regulation S-P.