On December 1, 2009, the FDIC issued amendments to Part 332 of the FDIC's Rules and Regulations which implement the privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and adopted the model privacy notice form. Part 332 requires state nonmember banks to notify consumers of their information-sharing practices and inform consumers of the right to opt out of certain sharing practices. The FDIC now is issuing a compliance guide for state nonmember banks wishing to use the model form to comply with these requirements.
Use of the model privacy notice form is voluntary. However, a state nonmember bank that chooses to provide this model form to consumers in a manner consistent with the form's instructions will be deemed to be in compliance with the disclosure requirements for privacy notices under the GLBA and Part 332.
Currently, the FDIC's Rules and Regulations contain language ("sample clauses") that state nonmember banks may use in their privacy notices and be considered in compliance with the privacy provisions of GLBA.
These sample clauses and the associated compliance safe harbor will be eliminated from Part 332 following a transition period. Use of the sample clauses will continue to provide a safe harbor only until December 31, 2010.
To obtain a compliance safe harbor after the sample clauses are removed, state nonmember banks should use the new model privacy notice form which has provided a compliance safe harbor since its effective date of December 31, 2009.
An online model privacy notice form builder is available at http://www.federalreserve.gov/bankinforeg/privacy_notice_instructions.pdf. State nonmember banks may download and complete this form builder to create a customized privacy notice. The form builder now includes versions enabling customers to opt-out via phone, on-line, or mail. The attached guide provides a brief description of how to use the model privacy notice form.
Privacy of Consumer Financial Information
12 C.F.R. Part 332