Nov 19, 2008
for your information
FYI Home
Morgan Lewis Home
Investment Management
Securities Industry
March 23, 2007         Securities Industry Group

Interagency Proposal for Model Privacy Form Under the Gramm-Leach-Bliley Act

On March 20, 2007, eight federal regulators (the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller, the Office of Thrift Supervision, and the Securities and Exchange Commission (collectively, the Agencies) requested comment on a model privacy form (the Model Form) that financial institutions, including registere  investment advisers, registered investment companies and brokerdealers, may use for their privacy notices to consumers, as required by the Gramm-Leach-Bliley Act (the GLB Act).

The Model Form was developed as the first phase of a consumer research project on these notice  spearheaded by the Agencies in consultation with a management consulting firm. After the comment period closes, the Agencies will engage in a second phase of quantitative testing of the effectiveness of the Model Form among a large number of consumers, focusing on its accessibility, readability, and usability.

Background

The Financial Services Regulatory Relief Act of 2006 (the Relief Act) was signed into law on October 13, 2006. Among other things, Section 728 of the Relief Act required the Agencies to propose a simple, uniform privacy notice to comply with the GLB Act. In addition, Section 728 provides that the model privacy notice must:

  • be comprehensible to consumers, with a clear format and design;
  • provide for clear and conspicuous disclosures;
  • enable consumers to easily identify the sharing practices of a financial institution and compare privacy
    practices among financial institutions; and
  • be succinct, with an easily readable type font.

Section 728 also provides a safe harbor, in that financial institutions that use the Model Form will be deemed to be in compliance with GLB Act notice requirements.

Gramm-Leach-Bliley Act Privacy Notices

As of July 1, 2001, the GLB Act requires each financial institution to provide a notice of its privacy policies and practices to its customers who are consumers (the Privacy Rule). The privacy notices must describe the financial institution’s policies and practices on disclosing nonpublic personal information about a consumer to affiliated and nonaffiliated third parties, and must provide the consumer, where applicable under the Fair Credit Reporting Act, with a reasonable opportunity to “opt-out” of sharing nonpublic personal information with nonaffiliated third parties other than as permitted by statute. A financial institution must provide a privacy notice to its customers no later than when a customer relationship is formed and on an annual basis for as long as the relationship continues. The Privacy Rule contains model language (Sample Clauses) that institutions may use in privacy notices.

Sample Clauses

The Model Form is a standardized form that would supersede the Sample Clauses currently in the Privacy Rule. The Agencies are proposing a transition period of one year, after which the Sample Clauses would no longer be part of the safe harbor. The SEC proposed that one year after the end of the transition period, the Sample Clauses would be rescinded.

Appearance of the Model Form

The Model Form must be comprehensible, clear and conspicuous, and allow for easy comparison of privacy practices among financial institutions. The Model Form must use an easily readable type font (minimum 10 point size). Firms may use their corporate logo on the Model Form as long as the design does not interfere with the readability or space constraints of each page.

The Proposed Model Form

The Privacy Rule does not prescribe any specific format or standardized wording for privacy notices. The Model Form contains either two or three pages, depending on whether the financial institution provides an opt-out capability, with the following information:

Model Form Page One

  • Title: What Does [Name of Institution] Do with Your Personal Information?
  • Introductory Section (key frame explaining required disclosures)
    • “Why” box tells consumers that federal law requires that the financial institution send the notice;
    • “What” box explains the types of personal information financial institutions collect and share; and
    • “How” box explains that some information sharing is necessary for all institutions in order to provide the products and services that consumers request, and briefly provides, in a table, a description of the information-sharing practices of the financial institution.
  • Table Describing:
    • Types of sharing federal law allows;
    • Which of those types of sharing the institution actually engages in; and
    • Whether the consumer can opt out of each type of sharing.
  • Institution’s Contact Information

Model Form Page Two – Supplemental Information

  • Frequently Asked Questions Section
    • How often does [financial institution] notify me about its practices?
    • How does [financial institution] protect my personal information?
    • How does [financial institution] collect my personal information?
    • Why can’t I limit all sharing?
  • Definitions Section
    • Everyday business purposes
    • Affiliates
    • Nonaffiliates
    • Joint marketing

Model Form Page Three – The Opt-Out Form

Institutions using the Model Form must include page three in their notices only if they (1) share or use information in a manner that triggers an opt-out, or (2) choose to provide opt-outs beyond what is required by law.

  • How to contact the financial institution to opt out: telephone, website, or mail—financial institution’s available options must be summarized
  • Any additional optouts specified in the table on page one must be described on the opt-out form
  • Institutions may tailor form to specify what information is required in order to opt-out

Comments on the interagency proposal are due within 60 days of publication in the Federal Register.

Copy of the Interagency Proposal

Securities Industry FYI is a service of the Broker-Dealer and Investment Management Practices of Morgan Lewis. If you have any questions concerning these important legal developments, please contact any of the following Morgan Lewis attorneys:

Monica L. Parry
Morgan, Lewis & Bockius LLP
1111 Pennsylvania Ave, NW
Washington, D.C. 20004
Telephone: 202.739.5692
Fax: 202.739.3001
mparry@morganlewis.com

Jack Drogin
Morgan, Lewis & Bockius LLP
1111 Pennsylvania Ave, NW
Washington, D.C. 20004
Telephone: 202.739.5380
Fax: 202.739.3001
jdrogin@morganlewis.com

Dianne Sulzbach
Morgan, Lewis & Bockius LLP
1111 Pennsylvania Ave, NW
Washington, D.C. 20004
Telephone: 202.739.5470
Fax: 202.739.3001
dsulzbach@morganlewis.com

Posted in Broker-Dealer Regulation, Investment Management, Securities Markets

Copyright © 2007-2008 by Morgan, Lewis & Bockius, LLP. All Rights Reserved.
This communication is provided as a general informational service to clients and friends of Morgan Lewis. It should not be construed as, and does not constitute, legal advice on any specific matter, nor does it create an attorney-client relationship.
Terms of Use