In December 2015, President Obama signed into law the “Fixing America’s Surface Transportation Act” (“FAST Act”). As part of the FAST Act, Section 503 of the Gramm-Leach-Bliley Act (“GLB Act”) was amended to eliminate the annual privacy notice delivery requirement for a financial institution (which includes investment advisers, investment companies and broker-dealers) that:
- Does not share non-public information with non-affiliated third parties, except as allowed under the exceptions outlined in section 502 or those prescribed under section 504(b) of the GLB Act; and
- Has not changed its privacy disclosure policies and practices since the last privacy notice was delivered to clients
Notably, the SEC has not yet amended Reg. S-P (the Privacy of Consumer Financial Information rule adopted by the SEC to implement provisions of the Gramm-Leach-Bliley Act) to conform to the statutory amendment, although the elimination amendment to the GLB Act was effective immediately upon Presidential signing.
Firms are still required to provide an initial privacy notice to clients and any firm that does not meet the two mandates reflected above must continue to deliver their privacy notice annually. Additionally, firms should be cognizant of State privacy laws, as some states, such as California and Massachusetts have more restrictive privacy regulations.
So with that in mind, prior to stopping annual delivery of privacy notices, firms should review their current policies, procedures and processes, along with applicable state privacy regulations to determine the appropriate steps to take.
Should you need assistance with determining state requirements or have any questions regarding privacy regulations, or any other compliance issues, please contact CCLS at 619-278-0020 or firstname.lastname@example.org