Thursday, September 25, 2014

Change Coming To Bankers

Previously, we've pointed out that under existing US banking rules, most financial institutions are required by law to annually mail a printed privacy notice to you, their customer.

A change to that rule is coming soon: the CFPB has stated its intention to amend Regulation P. It plans to update the regulation and modify the rules covering how customers receive notice of what banks do with the personal information they gather.


The actual changes that CFPB has proposed are available here. They are complex, but here are some highlights of what might be expected when Reg P gets its makeover:


  • Many banks that are currently required to mail the annual privacy notice will now be able to post it electronically for your examination using your smartphone, tablet, laptop, or desktop computer.

  • When posted electronically, it will be available on a webpage that contains only the privacy notice, displayed continuously in a clear and conspicuous manner.

  • When posted electronically, the customer will not be required to first provide any information such as login name or password, or to agree to any conditions for access.

    When will this be happening? The CFPB published notice of its proposal to update Reg P on May 13, 2014, requesting public comments. That public comment period ended on July 14, 2014, with 126 public comments having been submitted. Presumably, the Bureau is now in its final rulemaking stage.

    While the timing of next action is not clear, we commend the CFPB on their initiative in enhancing consumers' privacy awareness and understanding. In today's world of hacks, breaches, and ID thefts, consumer attention is focused on privacy issues like never before. We eagerly await the final rule so that actual implementation of the new enhancements can begin.
    Thursday, September 11, 2014

    Can You Read Me Now?


    The Consumer Financial Protection Bureau (CFPB) is currently in the process of updating Regulation P ... that's the federal rule requiring American financial institutions to snail mail a privacy notice to you at least once each year.

    This is good news for financial institutions in that under the updated rule, banks will likely be able to stop direct mailing the annual notice to you, but instead they'll be allowed to post it on a website for you to view electronically using your computer. Think of the savings in paper, printing, stuffing, and postage! Life is good for bankers!

    And life looks good for you, too, because soon you'll be able to view any bank's privacy notice on the big, fat screen of your desktop or laptop computer. View it when you want it ... ignore it until you need it.

    Just one little detail is troubling. Earlier this week, a CFPB presentation contained the following statement:
    "One study by the Federal Reserve found that one-third of cell phone users and more than half of smartphone owners are using mobile banking services. And according to one independent researcher, approximately 74,000 consumers per day began using mobile banking services last year."
    As we see and acknowledge this trend towards doing our banking business on mobile devices, here's the troubling detail:  The proposed Regulation P update provides no information or guidance relating to how privacy notices will be delivered on the diminutive screens of smartphones, tablets, and phablets.

    As the new Reg P rule is finalized, it's our hope and expectation that the rulemakers will recognize this as an opportunity to leverage technology to bring readable, understandable, timely privacy information to each and every banking customer.

    Friday, September 5, 2014

    Wastebasket ... here it comes!

    Do you recognize this document? If you’re an American with an account at nearly any financial institution, you receive at least one of these printed notices in your snail mail every year. If you're like most of us, you glance at it, scratch your head in bewilderment, then drop it into the trash.

    What is it? It is your Annual Regulation P Privacy Notice sent to you by your financial institution. It tells you what they do with personal information they collect from you. 

    What personal information? Stuff like your name, your social security number, your income, your account balances, your payment history, your transaction history, your credit history, etc. Lawyers call this your nonpublic personal information, or NPI. 

    Why should you care? In a perfect world, perhaps you needn't pay much attention. But in today’s connected society, knowing what others do with your personal information is becoming vitally important. Your personal identity and privacy are yours to lose … having someone steal or misuse it can ruin your whole day. 

    But this notice is so confusing and boring ... and why do all these notices basically look the same? A federal law called Regulation P sets forth a model format for this disclosure. Most banks use the model form to ensure that they fully comply with their disclosure obligation to you under the law. CYA for them ... headscratcher for you. 

    Whose law is this? Your financial privacy used to be protected by an alphabet soup of federal agencies (FRB, OCC, FDIC, OTS, GLBA, NCUA, FTC, SEC, and CFTC). Most recently, it is administered by the Consumer Financial Protection Bureau (CFPB). 

    So ... what's the point? Simply this ... good privacy news is on the way. CFPB is currently in the process of updating this law, and has suggested a number of changes to make it easier and more convenient for you to know and understand what banks do with your NPI. Next blog, we'll review the changes and improvements that have been proposed as Reg P (12 CFR 1016.9(c)) is revised.