The Consumer Financial Protection Bureau offered a carrot and stick to financial institutions, proposing a rule Tuesday that would reward banks that limit the amount of consumer data they share by allowing them to post their privacy policies online rather than mailing out annual notices to each customer.
“Consumers need clear information about how their personal information is being used by financial institutions,” CFPB director Richard Cordray said in a written statement. “This proposal would make it easier for consumers to find and access privacy policies, while also making it cheaper for industry to provide disclosures.”
Under the Gramm-Leach-Bliley Act, banks each year must notify their customers by mail how they share their nonpublic personal information. If a financial institution shares information with an unaffiliated third party, it has to inform consumers of their right to opt out of the sharing and tell them how to do so.
“Financial institutions would have an incentive to limit their sharing to reduce their costs,” according to the CFPB, which estimates the industry could save about $17 million each year.
Consumers would benefit as well, the CFPB said, because they could see their bank’s privacy policies at any time, not just once a year.
However, the CFPB said, “If an institution shares data with unaffiliated third parties in a way that triggers customers’ right to opt out of such sharing, then that institution generally would not be allowed to use the alternative delivery method.”
The agency is accepting comments on the proposal for the next 30 days.
Contact Jenna Greene at firstname.lastname@example.org, on Twitter @jgreenejenna.