Thursday, March 5, 2020

Where's my Privacy Policy?

 Where's my Privacy Policy?

Image of disclosure - model privacy notice

Gramm-Leach-Bliley (GLB) Privacy rules received an inordinate amount of attention in the pre-crisis compliance era. This is due to corporate structures that share consumer information, often without the customer's knowledge. To protect consumers against unauthorized sharing so that affiliates and other firms can market to your consumer, the Opt-Out Provisions of the Gramm-Leach-Bliley privacy rules require that companies tell consumers how they treat consumers' private information. In addition, the company must give the consumer the option to elect NOT to share that information. This results in the form the consumer receives, and the instructions they use to opt-out. 

We still see MANY questions regarding this form and its proper completion, so we have provided this simple guide to correctly populating the form fields. 

When a Regulator Asks for your Privacy Policy

We get the question "where is my Privacy Policy?" in the policies and procedures we provide. It's natural to ask us, because of the way the question is phrased. But this is one of those that doesn't come in a formulaic narrative manual. It's embodied in your disclosures and (hopefully) on your website. The "Model Privacy Notice" is your "Privacy Policy" as far as GLB is concerned. 


How to Correctly Complete the Form

  1. Add, income/employment, asset, credit history, property information as necessary
  2. YES - you send to investors and underwriters, as well as secondary market partners, title companies, etc. 
  3. NO - they can't limit it because they wouldn't get a loan if you didn't share it.
  4. Depends on your marketing - do you market to your customers - past or present? (e.g. email blasts) If yes then yes, and your customer must be able to opt out and you have to have a toll-free number.

Not Every Privacy Policy is a GLB Privacy Policy


Often, a regulator will ask for a Privacy Policy; they are referring to a policy or procedure that describes how you will keep your customer's information private. In other words, "Information Security" and not "Privacy."

No comments:

Post a Comment