Amendment to the Annual Privacy Notice Delivery Obligations of Financial Institutions under the Gramm-Leach-Bliley Act contained in the FAST Act
January 6, 2016
On December 4, 2015, President Obama signed the Fixing America’s Surface Transportation Act (the ‘‘FAST Act’’) into law. Although the FAST Act’s main focus is on improving the country’s surface transportation infrastructure, the law also contains a provision that modified the annual privacy notice requirement under the Gramm-Leach-Bliley Act (“GLBA”).
Previously under the GLBA privacy regulations, financial institutions (which includes registered investment advisers, investment companies, broker-dealers and private funds) had to circulate to their customers an annual privacy notice that sets forth the financial institution’s policies and practices with respect to the collection, disclosure, and protection of customers’ nonpublic personal information to both affiliated and non-affiliated third parties.
The FAST Act now provides an exception to the annual privacy notice distribution requirement if the financial institution meets the following two criteria:
- the financial institution does not share nonpublic personal information with nonaffiliated third parties (other than as permitted under certain enumerated exceptions1) and
- the financial institution's policies and practices regarding disclosure of nonpublic personal information have not changed since the last distribution of its policies and practices to its customers.
Investment advisers and private funds satisfying both criteria are no longer required to provide privacy notices to their individual investors on an annual basis. The amendment is effective immediately and should reduce the administrative burden and expenses for those investment advisers that do not frequently change their privacy policies.
1. Including, in summary, (i) as required by law, (ii) with the consent of the customer, (iii) as necessary to effect, administer, or enforce a transaction required or authorized by the customer or in connection with servicing the customer’s account (including to protect confidentiality and prevent fraud), and (iv) to a nonaffiliated third party to perform services for or functions on behalf of the financial institution, including marketing of the financial institution’s own products or services, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.↩