Skip to Content
Locate a credit union

Mini Menu

Toggle Submenu
Find More Information
NCUA on Twitter NCUA on Twitter

Regulatory Relief on Annual Privacy Notices

NATIONAL CREDIT UNION ADMINISTRATION
1775 Duke Street, Alexandria, VA 22314

DATE: January 2016 LETTER No.: 16-CU-03
TO: Federally Insured Credit Unions
SUBJ: Regulatory Relief on Annual Privacy Notices

Note: In addition to the amendment discussed in this letter, your applicable state law still may require annual privacy notices or other privacy notices. See 15 U.S.C. 6807.

Dear Board of Directors and Chief Executive Officer:

If you have not changed your credit union’s privacy policy since your last annual privacy notice, you may not have to send another privacy notice this year—as long as you meet the conditions described in this letter.

This letter describes a recent amendment to the Gramm-Leach-Bliley Act (GLBA) that creates a new exception, in certain circumstances, to the statutory requirement that credit unions provide consumers with annual privacy notices. This exception is available to credit unions that have not changed their policies and practices for disclosing nonpublic personal information since they last provided an annual disclosure to consumers, if they meet other specified conditions, discussed below.1

Based on the amendment, your credit union need not provide an annual privacy notice if:

  • Your policies and practices have not changed since your credit union provided its most recent privacy notice to consumers; and
  • You share nonpublic personal information with nonaffiliated third parties only in accordance with requirements for certain existing GLBA exceptions, including those related to:
    • Performing services for, or functions on behalf of, the credit union, pursuant to a joint marketing agreement;
    • Administering, servicing, or processing a transaction a consumer requests or authorizes; maintaining or servicing certain consumer accounts; or performing securitizations, secondary market sales, or similar transactions; or
    • Other specified operational and legal purposes, including disclosure with the consumer’s consent or at the consumer’s direction and disclosure to protect the confidentiality and security of records related to the consumer, service, product, or transaction.2

NCUA examiners have been notified that if your credit union meets the applicable requirements, you need not send annual privacy notices unless and until your credit union no longer meets those requirements. NCUA examiners will only expect annual privacy notices to be provided if your credit union does not meet the new requirements described in this letter.

NCUA staff will consult with Consumer Financial Protection Bureau staff as CFPB works to implement the FAST Act’s amendment to GLBA and address interactions with other laws, such as the Fair Credit Reporting Act.3

If you have questions about your credit union’s NCUA examination, please contact NCUA’s Office of Examination and Insurance at EIMail@NCUA.gov or 703-518-6360, your Examiner, Supervisory Examiner, or Regional Office. If you have questions about Gramm-Leach-Bliley Act requirements related to privacy notices, please contact NCUA’s Office of Consumer Protection at ComplianceMail@ncua.gov or 703-518-1140.

Sincerely,

/s/

Debbie Matz
Chairman

 

1 This letter provides general information about the statutory amendment, but you should review the amendment carefully to determine whether your credit union qualifies for the exception.  Title LXXV of the Fixing America’s Surface Transportation Act (FAST Act) amended GLBA requirements related to annual privacy notices.  The amendment became effective immediately when signed into law on December 4, 2015.  See Pub. L. 114-94; 15 U.S.C. 6803(f).  Under GLBA and Regulation P, which implements GLBA, “customer” and “consumer” are defined terms.  In some circumstances, privacy notice requirements can apply to certain persons who are not members of a credit union.  To reduce confusion, this letter uses the statutory term “consumer” rather than the term “member.”
2See 15 U.S.C. 6802(b)(2), (e).
3 The Dodd-Frank Wall Street Reform and Consumer Protection Act rescinded NCUA’s rulemaking authority under GLBA and gave rulewriting authority to the Consumer Financial Protection Bureau (CFPB).  NCUA repealed its implementing regulation in 12 CFR Part 716, and CFPB published an implementing regulation at 12 CFR Part 1016.

1/29/2016 1:40 PM