PDFWAC 208-630-716
What are the minimum requirements for Consumer Financial Information Privacy under the Gramm-Leach-Bliley Act (Regulation P)?
Licensees must comply with Regulation P.
(1) At a minimum, licensees must:
(a) Provide customers with initial and annual notices regarding their privacy policies. These notices describe whether and how the licensee shares consumers' nonpublic personal information, including personally identifiable financial information, with other entities; and
(b) If licensees share certain customer information with particular types of third parties, the institutions are also required to provide notice to their customers and an opportunity to opt out of the sharing. If a licensee limits its types of sharing to those which do not trigger opt-out rights, it may provide a "simplified" annual privacy notice to its customers that does not include opt-out information. If a licensee's privacy policy has not changed, additional notices may not be required.
(2) Compliance with the federal Gramm-Leach-Bliley Act and Regulation P, 12 C.F.R. Part 1016, will be deemed compliance with this subsection.
(3) See Regulation P at 12 C.F.R. 1016 for the required details.