View PDF

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

l l★K

Federal Reserve Bank of Dallas
2200 N. PEARL ST.
DALLAS, TX 75201-2272

February 10, 2004

Notice 04-06

TO: The Chief Executive Officer of each
financial institution and foreign agency
in the Eleventh Federal Reserve District

SUBJECT
Interagency Proposal to Consider Alternative Forms of Privacy Notices
Under the Gramm-Leach-Bliley Act
DETAILS
The Board of Governors of the Federal Reserve System, the Office of the Comptroller
of the Currency, the Office of Thrift Supervision, the Federal Deposit Insurance Corporation, the
National Credit Union Administration, the Federal Trade Commission, the Commodity Futures
Trading Commission, and the Securities and Exchange Commission have requested comment on
an interagency proposal.
The proposal seeks comment on whether the agencies should consider amending the
regulations that implement sections 502 and 503 of the Gramm-Leach-Bliley Act (GLB Act) to
allow or require financial institutions to provide alternative types of privacy notices, such as a
short privacy notice, that would be easier for consumers to understand.
The Board must receive comments by March 29, 2004. Please address comments to
Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street
and Constitution Avenue, N.W., Washington, DC 20551. Also, you may mail comments electronically to regs.comments@federalreserve.gov. All comments should refer to Docket No. R1173.

For additional copies, bankers and others are encouraged to use one of the following toll-free numbers in contacting the Federal
Reserve Bank of Dallas: Dallas Office (800) 333-4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012;
Houston Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San Antonio Branch Intrastate (800) 292-5810.

-2ATTACHMENT
A copy of the Board’s notice as it appears on pages 75164–74, Vol. 68, No. 249 of the
Federal Register dated December 30, 2003, is attached.
MORE INFORMATION
For more information, please contact Diane van Gelder, Banking Supervision
Department, at (214) 922-6282. Paper copies of this notice or previous Federal Reserve Bank
notices can be printed from our web site at www.dallasfed.org/banking/notices/index.html.

Federal Register

Tuesday
December 30, 2003
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Part 40
[Docket No. 03–27]
FEDERAL RESERVE SYSTEM
12 CFR Part 216
[Docket No. R–1173]
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 332
RIN 3064–AC77
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 573
[Docket No. 2003–62]
RIN 1550–AB86
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 716
FEDERAL TRADE COMMISSION
16 CFR Part 313
RIN 3084–AA94 Project No. 034815
COMMODITY FUTURES TRADING COMMISSION
17 CFR Part 160
RIN 3038–AC04
SECURITIES AND EXCHANGE COMMISSION
17 CFR Part 248
[Release Nos. 34–48966, IA–2206, IC–26316;
File No. S7–30–03]
RIN 3235–AJ06
Interagency Proposal to Consider
Alternative Forms of Privacy Notices
Under the Gramm-Leach-Bliley Act

75164

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
12 CFR Part 40
[Docket No. 03–27]

FEDERAL RESERVE SYSTEM
12 CFR Part 216
[Docket No. R–1173]

FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Part 332
RIN 3064–AC77

DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 573
[Docket No. 2003–62]
RIN 1550–AB86

NATIONAL CREDIT UNION
ADMINISTRATION
12 CFR Part 716
FEDERAL TRADE COMMISSION
16 CFR Part 313
RIN 3084–AA94 Project No. 034815

COMMODITY FUTURES TRADING
COMMISSION
17 CFR Part 160
RIN 3038–AC04

SECURITIES AND EXCHANGE
COMMISSION
17 CFR Part 248
[Release Nos. 34–48966, IA–2206, IC–26316;
File No. S7–30–03]
RIN 3235–AJ06

Interagency Proposal to Consider
Alternative Forms of Privacy Notices
Under the Gramm-Leach-Bliley Act
AGENCIES: Office of the Comptroller of
the Currency, Treasury (OCC); Office of
Thrift Supervision, Treasury (OTS);
Board of Governors of the Federal
Reserve System (Board); Federal Deposit
Insurance Corporation (FDIC); National
Credit Union Administration (NCUA);
Federal Trade Commission (FTC);
Commodity Futures Trading
Commission (CFTC); and Securities and
Exchange Commission (SEC).

VerDate jul<14>2003

21:02 Dec 29, 2003

Jkt 203001

PO 00000

Frm 00017

Fmt 4702

Sfmt 4702

ACTION: Advance notice of proposed
rulemaking.
SUMMARY: The OCC, OTS, Board, FDIC,
NCUA, FTC, CFTC, and SEC (the
Agencies) are requesting comment on
whether the Agencies should consider
amending the regulations that
implement sections 502 and 503 of the
Gramm-Leach-Bliley Act (GLB Act) to
allow or require financial institutions to
provide alternative types of privacy
notices, such as a short privacy notice,
that would be easier for consumers to
understand.
DATES: Comments must be submitted on
or before March 29, 2004.
ADDRESSES: Because the Agencies will
jointly review all of the comments
submitted, interested parties may send
comments to any of the Agencies and
need not send comments (or copies) to
all of the Agencies. Commenters that
submit trade secrets or confidential
commercial or financial information
may request confidential treatment of
that information in accordance with the
Freedom of Information Act (5 U.S.C.
552) and the Agencies’ respective
regulations regarding availability of
information. Because paper mail in the
Washington area and at the Agencies is
subject to delay, please consider
submitting your comments by e-mail.
Commenters are encouraged to use the
title ‘‘Alternative Forms of Privacy
Notices’’ to facilitate the organization
and distribution of comments among the
Agencies. Interested parties are invited
to submit written comments to:
Office of the Comptroller of the
Currency: Public Information Room,
Office of the Comptroller of the
Currency, 250 E Street, SW., Mail stop
1–5, Washington, DC 20219, Attention:
Docket No. 03–27, Fax number (202)
874–4448 or Internet address:
regs.comments@occ.treas.gov.
Comments may be inspected and
photocopied at the OCC’s Public
Information Room, 250 E Street, SW.,
Washington, DC. You can make an
appointment to inspect the comments
by calling (202) 874–5043.
Office of Thrift Supervision: Send
comments to Regulation Comments,
Chief Counsel’s Office, Office of Thrift
Supervision, 1700 G Street, NW.,
Washington, DC 20552, Attention: No.
2003–62. Delivery: Hand deliver
comments to the Guard’s Desk, East
Lobby Entrance, 1700 G Street, NW.,
from 9 a.m. to 4 p.m. on business days,
Attention: Regulation Comments, Chief
Counsel’s Office, Attention: No. 2003–
62. Facsimiles: Send facsimile
transmissions to FAX Number (202)
906–6518, Attention: No. 2003–62. E-

E:\FR\FM\30DEP1.SGM

30DEP1

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules
Mail: Send e-mails to
regs.comments@ots.treas.gov, Attention:
No. 2003–62 and include your name
and telephone number. Due to
temporary disruptions in mail service in
the Washington, DC area, commenters
are encouraged to send comments by fax
or e-mail, if possible. Availability of
comments: OTS will post comments and
the related index on the OTS Internet
Site at www.ots.treas.gov. In addition,
you may inspect comments at the Public
Reading Room, 1700 G Street, NW., by
appointment. To make an appointment
for access, call (202) 906–5922, send an
e-mail to public.info@ots.treas.gov, or
send a facsimile transmission to (202)
906–7755. (Please identify the materials
you would like to inspect to assist us in
serving you.) We schedule
appointments on business days between
10 a.m. and 4 p.m. In most cases,
appointments will be available the
business day after the date we receive a
request.
Board of Governors of the Federal
Reserve System: Comments should refer
to Docket No. R–1173 and may be
mailed to Ms. Jennifer J. Johnson,
Secretary, Board of Governors of the
Federal Reserve System, 20th Street and
Constitution Avenue, NW., Washington,
DC 20551. Please consider submitting
your comments by e-mail to
regs.comments@federalreserve.gov, or
faxing them to the Office of the
Secretary at (202) 452–3819 or (202)
452–3102. Members of the public may
inspect comments in Room MP–500
between 9 a.m. and 5 p.m. on weekdays
pursuant to section 261.12, except as
provided in section 261.14, of the
Board’s Rules Regarding Availability of
Information, 12 CFR 261.12 and 261.14.
Federal Deposit Insurance
Corporation: Send written comments to
Robert E. Feldman, Executive Secretary,
Attention: Comments/Executive
Secretary Section, Federal Deposit
Insurance Corporation, 550 17th Street,
NW., Washington, DC 20429. Comments
also may be mailed electronically to
comments@fdic.gov. Comments may be
hand delivered to the guard station at
the rear of the 17th Street building
(located on F Street) on business days
between 7 a.m. and 5 p.m.; Fax Number
(202) 898–3838. Comments may be
inspected and photocopied in the FDIC
Public Information Center, Room 100,
801 17th Street, NW., Washington, DC
20429, between 9 a.m. and 5 p.m. on
business days.
National Credit Union
Administration: Comments should be
directed to Becky Baker, Secretary of the
Board. Mail or hand deliver comments
to: National Credit Union
Administration, 1775 Duke Street,

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

75165

Alexandria, VA 22314–3428. You are
encouraged to fax comments to (703)
518–6319 or email comments to
regcomments@ncua.gov. Whatever
method you choose, please send
comments by one method only.
Federal Trade Commission:
Comments should refer to ‘‘Alternative
Forms of Privacy Notices, Project No.
P034815.’’ Comments filed in paper
form should be mailed or delivered to:
Federal Trade Commission/Office of the
Secretary, Room 159–H, 600
Pennsylvania Avenue, NW.,
Washington, DC 20580. Comments filed
in electronic form (in ASCII format,
WordPerfect, or Microsoft Word) should
be sent to: GLBnotices@ftc.gov. If the
comment contains any material for
which confidential treatment is
requested, it must be filed in paper
(rather than electronic) form, and the
first page of the document must be
clearly labeled ‘‘Confidential.’’ 1
Regardless of the form in which they are
filed, the Commission will consider all
timely comments, and will make the
comments available (with confidential
material redacted) for public inspection
and copying at the Commission’s
principal office and on the Commission
Web site at www.ftc.gov. As a matter of
discretion, the Commission makes every
effort to remove home contact
information for individuals from the
public comments it receives before
placing those comments on the FTC
Web site.
Commodity Futures Trading
Commission: Comments should be
directed to Jean A. Webb, Secretary,
Commodity Futures Trading
Commission, Three Lafayette Centre,
1155 21st Street, NW., Washington, DC
20581. Comments may be sent by
facsimile transmission to (202) 418–
5528 or by e-mail to secretary@cftc.gov.
Securities and Exchange Commission:
To help us process and review your
comments more efficiently, comments
should be sent by hard copy or e-mail,
but not by both methods. Comments
sent by hard copy should be submitted
in triplicate to Jonathan G. Katz,
Secretary, Securities and Exchange
Commission, 450 5th Street, NW.,
Washington, DC 20549–0609.
Comments may also be submitted
electronically at the following e-mail
address: rule-comments@sec.gov. All

comment letters should refer to File No.
S7–30–03. This file number should be
included on the subject line if e-mail is
used. Comment letters will be available
for public inspection and copying in the
Commission’s Public Reference Room,
450 5th Street, NW., Washington, DC
20549. All comments received will be
posted on the Commission’s Internet
Web site (http://www.sec.gov) and made
available for public inspection and
copying in the Commission’s Public
Reference Room, 450 Fifth Street, NW.,
Washington, DC 20549.2
FOR FURTHER INFORMATION CONTACT:
OCC: Amy Friend, Assistant Chief
Counsel, (202) 874–5200; Stephen Van
Meter, Assistant Director, Community
and Consumer Law Division, (202) 874–
5750; or Heidi Thomas, Special
Counsel, Legislative and Regulatory
Activities Division, (202) 874–5090.
OTS: Elizabeth C. Baltierra, Program
Analyst (Compliance) Compliance
Policy, (202) 906–6540; or Paul Robin,
Special Counsel, Regulations and
Legislation Division, (202) 906–6648.
Board: Thomas E. Scanlon, Counsel,
Legal Division, (202) 452–3594; MinhDuc T. Le or Ky Tran-Trong, Senior
Attorneys, Division of Consumer and
Community Affairs, (202) 452–3667.
FDIC: April A. Breslaw, Chief,
Compliance Section, (202) 898–6609;
David P. Lafleur, Policy Analyst,
Division of Supervision and Consumer
Protection, (202) 898–6569; Ruth R.
Amberg, Senior Counsel, (202) 898–
3736, or Robert A. Patrick, Counsel,
Legal Division, (202) 898–3757.
NCUA: Regina Metz, Staff Attorney,
(703) 518–6561, or Ross Kendall, Staff
Attorney, Office of General Counsel,
(703) 518–6562.
FTC: Toby Milgrom Levin, Senior
Attorney, (202) 326–3713, or Loretta
Garrison, Senior Attorney, (202) 326–
3043.
CFTC: Laura Richards, Senior
Assistant General Counsel, (202) 418–
5126, or David B. Jacobsohn, Counsel,
(202) 418–5161, Office of the General
Counsel.
SEC: Brian Baysinger, Special
Counsel, Office of Chief Counsel,
Division of Market Regulation, (202)
942–0073; or Penelope Saltzman, Senior
Counsel, Division of Investment
Management, (202) 942–0690.
SUPPLEMENTARY INFORMATION:

1 Commission Rule 4.2(d), 16 CFR 4.2(d). The
comment must also be accompanied by an explicit
request for confidential treatment, including the
factual and legal basis for the request, and must
identify the specific portions of the comment to be
withheld from the public record. The request will
be granted or denied by the Commission’s General
Counsel, consistent with applicable law and the
public interest. See Commission Rule 4.9(c), 16 CFR
4.9(c).

I. Background

PO 00000

Frm 00018

Fmt 4702

Sfmt 4702

Subtitle A of title V of the GLB Act,
captioned Disclosure of Nonpublic
2 The FDIC and SEC do not edit personal,
identifying information such as names or e-mail
addresses from electronic submissions. Submit only
information you wish to make publicly available.

E:\FR\FM\30DEP1.SGM

30DEP1

75166

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules

Personal Information (codified at 15
U.S.C. 6801 et seq.), requires each
financial institution to provide a notice
of its privacy policies and practices to
its consumer customers. In general, the
privacy notices must describe a
financial institution’s policies and
practices with respect to disclosing
nonpublic personal information about a
consumer to both affiliated and
nonaffiliated third parties and provide a
consumer a reasonable opportunity to
direct the institution not to share
nonpublic personal information about
the consumer with nonaffiliated third
parties. The privacy notice must also
provide, where applicable under the
Fair Credit Reporting Act (FCRA), a
notice and an opportunity for a
consumer to opt out of the sharing of
certain information among affiliates.3
The Agencies have published
consistent final regulations that
implement the privacy provisions of the
GLB Act (collectively referred to as ‘‘the
privacy rule’’).4 The privacy rule
requires a financial institution to
include in its privacy notices specific
items of information, such as the
categories of nonpublic personal
information that the institution collects
and the categories of third parties to
which the institution may disclose the
information. The rule contains sample
clauses that institutions may use in
privacy notices. The rule does not,
however, prescribe any specific format
or standardized wording for these
notices. Instead, institutions may design
their own notices based on their
individual practices provided they are
consistent with the law and meet the
‘‘clear and conspicuous’’ standard in the
rule.
Financial institutions first were
required to distribute privacy notices to
their customers by July 1, 2001. Many
privacy notices in this initial effort were
long and complex. Moreover, because
the privacy rule allows institutions
flexibility in designing their privacy
notices, notices have been difficult to
compare, even among financial
institutions with identical privacy
policies.
In response to broad-based concerns
expressed by representatives of financial
institutions, consumers, privacy
advocates, and Members of Congress,
the Agencies conducted a workshop in
December 2001 to provide a forum to
consider how financial institutions
could provide more useful privacy
3 15 U.S.C. 1681a(d)(2)(A)(iii) (FCRA); 15 U.S.C.
6803(b)(4) (GLB Act).
4 12 CFR part 40 (OCC); 12 CFR part 216 (Board);
12 CFR part 332 (FDIC); 12 CFR part 573 (OTS); 12
CFR part 716 (NCUA); 16 CFR part 313 (FTC); 17
CFR part 160 (CFTC); and 17 CFR part 248 (SEC).

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

notices to consumers. The workshop
featured panel presentations by
financial institutions, consumer
advocates, and communications experts,
and highlighted key communication
principles to improve the notices. A
number of institutions, particularly
those with complex information-sharing
practices, described the challenges they
faced in explaining their practices and
the choices available to consumers in a
simple fashion while meeting all of the
legal requirements for notice. Some
institutions described results of
consumer testing and efforts to make
their privacy notices clearer and more
useful to consumers.
A number of financial institutions
have since sought to improve their
notices. Additionally, some industry
groups have been working to formulate
short, consumer-friendly notices that
could accompany the longer, legally
mandated notices under the rule. The
Agencies applaud the efforts by
consumer advocates and industry to
improve privacy notices to make them
more readable and useful to consumers.
To encourage and facilitate the efforts
already underway, the Agencies are
considering proposing amendments to
the privacy rule to provide for privacy
notices that are more understandable
and useful to consumers. The Agencies
believe that this effort could benefit
significantly from the breadth and depth
of experience that many institutions
have gained over the past two years in
designing privacy notices, as well as the
expertise of communications experts
and the input of consumer organizations
and comments from the public.
Accordingly, the Agencies seek
comment on a wide range of issues
associated with the format, elements,
and language used in privacy notices
that would make the notices more
accessible, readable, and useful. The
Agencies also solicit examples of forms,
model clauses, and other information,
such as applicable research that has
been conducted in this area, that may
provide concrete illustrations or
evidence to assist the Agencies in
considering whether and how to
develop various proposals.5
5 As stated above, the Agencies will jointly review
all of the comments submitted, including those
comments submitted to only one agency.
Commenters may request confidential treatment of
any trade secrets and commercial or financial
information that is privileged or confidential
information provided to the Agencies in accordance
with the Freedom of Information Act (5 U.S.C. 552)
and the Agencies’ respective regulations regarding
availability of information. 12 CFR part 4, subparts
B and C (OCC); 12 CFR part 505 (OTS); 12 CFR part
261, subparts A and B (Board); 12 CFR part 309
(FDIC); 12 CFR 792.29 (NCUA); 16 CFR 4.10 (FTC);
17 CFR 145.9 (Petition for Confidential Treatment)
(CFTC); 17 CFR part 200, subpart D (SEC).

PO 00000

Frm 00019

Fmt 4702

Sfmt 4702

Some of the terms and examples used
in this Advance Notice of Proposed
Rulemaking (ANPR) and sample notices
are not suitable for credit unions, which
have an organizational and operational
structure that is different than other
financial institutions. For example, the
term customer, in the context of credit
unions, generally will mean member,
and while credit unions may form
subsidiaries, they do not establish
corporate affiliations like other financial
institutions. Nevertheless, because of
the predominance of issues that are
common to all types of financial
institutions, the NCUA believes its
participation is important at this ANPR
stage, whether or not it ultimately
determines to publish a separate, but
consistent and comparable, rule for
credit unions.
Based on the information collected for
this ANPR, including information
collected through independent research
conducted by the Agencies, the
Agencies will determine whether to
propose changes to the privacy rule and,
if so, will seek further public comment
on specific proposals. The Agencies
expect that consumer testing would be
a key component in the development of
any specific proposals.
II. General Considerations for
Improving Privacy Notices
The Agencies are considering
developing a range of alternative
proposals for public comment to
improve the privacy notices that
financial institutions must provide to
consumers under the GLB Act. The
primary matter the Agencies are now
considering is whether to develop a
model privacy notice that would be
short and simple. In order to illustrate,
generally, this type of short notice and
to spur specific suggestions for
additional ideas that the Agencies
should consider, a few of the potential
alternative approaches are summarized
below. These alternatives are also
intended to help frame a number of
important questions beyond the design
of a short notice, such as whether all
financial institutions should be required
to use the same form of notice and
whether a short notice could be a
substitute for or should be a supplement
to a longer, more detailed notice. The
sample notices included in the
appendices do not reflect a
determination by the Agencies that any
of these notices would be satisfactory
under the privacy rule or for any
particular financial institution. The
Agencies note that these alternatives
have not been developed as a result of
specific research or consumer testing
and are not being proposed for

E:\FR\FM\30DEP1.SGM

30DEP1

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules
adoption. The Agencies specifically
invite suggestions for other approaches
to improve the readability and
usefulness of privacy notices as set out
in section III.
As an initial matter, the Agencies
request comment on whether to pursue
the development of a short privacy
notice. The Agencies note that, should
they do so, there are several ways the
Agencies could exercise their authority
for developing a short notice, and the
Agencies have not settled on any single
approach. The Agencies could, for
example, explore whether an
interagency interpretation of the privacy
rule, perhaps with model forms or
language, would promote the
development of privacy notices that are
more understandable and useful to
consumers. Similarly, the Agencies
could develop a set of guidelines or best
practices that would enable financial
institutions to improve their privacy
notices, or the Agencies could propose
amendments to the privacy rule. The
Agencies request comment on what
approaches would be most useful to
consumers while taking into
consideration the burden on financial
institutions.
The Agencies have identified the
following approaches to simplify the
privacy notices for consideration by
commenters. One approach would be
for the Agencies to develop a specific
format and standardized language for a
short notice that highlights key elements
of an institution’s privacy policy. For
instance, a short notice could describe
the types of nonpublic personal
information an institution collects, the
institution’s policies for sharing that
information with third parties, and a
description of how consumers can opt
out of information sharing. Like a
nutrition label, a standardized notice
would permit consumers easily to
compare these elements of the privacy
policies of different institutions and to
become familiar with the standardized
format and text. This type of form could
include a description of how the
consumer could obtain a longer,
detailed privacy notice or be provided
in combination with a longer, detailed
privacy notice. An example illustrating
this kind of format and language for a
short notice appears in Appendix A.
In a similar approach, the Agencies
could develop a short notice with a
specific format and standardized
language that would be designed to
address all of the relevant elements
listed in the GLB Act and the privacy
rule. Such a notice would permit
consumers to compare all relevant
elements listed under federal law of the
privacy policies of different institutions.

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

However, since information sharing
practices may vary, a financial
institution may need flexibility in
describing the categories of affiliated
and nonaffiliated parties to whom it
discloses nonpublic personal
information. An example illustrating
this kind of format and language
appears in Appendix B and the
categories of parties that may be
modified by a financial institution
appear in brackets.
Another approach to simplifying
privacy notices would involve
establishing a standardized format for
privacy notices, but allowing financial
institutions to provide their own
descriptions of their privacy policies
and practices. This potential approach
may simplify privacy notices and make
them more accessible for consumers, yet
would permit each financial institution
to tailor the language in the notice to
suit its own privacy policies and
practices. An example of a standardized
format is included in Appendix C.
Alternatively, the Agencies could
prescribe standardized language that a
financial institution would use to design
its own notice without a format
specified by the privacy rule.
Standardized language may facilitate
comparisons among financial
institutions’ policies and describe key
consumer rights so that consumers
could become familiar with
circumstances under which information
about them may be disclosed to third
parties.
Another approach would be to focus
attention on the consumer’s right to opt
out of disclosures available under the
institution’s privacy policies. For
example, the opt-out notice could be
provided by itself, with a statement that
the institution’s privacy policy is
available on request. Alternatively, a
description of the consumer’s opt out
right and how it could be exercised
could be provided on the first page of
a financial institution’s privacy notice.
The Agencies could prescribe the
language, and its placement so as to
ensure prominence and readability, but
not require any further standardization
of privacy notices. An example of this
type of notice is included in Appendix
D.
Detailed descriptions of ways to
improve privacy notices, such as
examples of language that may be used,
illustrations of formats, and references
to the particular requirements of the
privacy rule that may need to be
amended, will assist the Agencies in
learning about and evaluating particular
proposals. This ANPR outlines several
potential approaches. The Agencies
invite comment on the advantages and

PO 00000

Frm 00020

Fmt 4702

Sfmt 4702

75167

disadvantages of these approaches.
Also, the Agencies request comment on
any other approach the Agencies should
consider.
III. Request for Comments
Any change in the privacy rule to
provide for short notices raises a
number of issues. In addition to
comment on the various approaches
discussed above or illustrated in the
appendices, the Agencies request
comment and supporting research and
documentation on other matters that
may be raised by the implementation of
a short privacy notice. In particular, the
Agencies invite comment on the
following questions and supporting
documentation where available:
A. Goals of a Privacy Notice
1. What should be the goals of a
privacy notice? What goals are most
important?
2. Should the Agencies pursue the
development of a short notice to achieve
these goals?
3. Are there any special issues for the
Agencies to consider in developing a
short privacy notice that may arise from
potential differences between federal
and state law requirements?
4. In what ways should a privacy
notice be useful to a consumer? Please
identify those ways that are the most or
least important.
a. To permit ready comparison among
different institutions’ privacy policies?
b. To provide sufficient information to
make an informed decision about
whether to opt out?
c. To highlight the consumer’s right to
opt out?
d. To provide convenient mechanisms
for the consumer to opt out?
e. To provide a mechanism for the
consumer to opt out in the same
medium used to provide the privacy
notice?
f. Other ways?
B. Elements of a Privacy Notice
1. What are the key elements of a
privacy policy that a short notice should
contain?
2. Are these key elements the same
from the perspective of institutions and
consumers? If not, explain the
differences and why.
3. Is there an optimal number of
elements (beyond which would be too
many) to include in a short notice?
4. Should a short privacy notice
contain, at a minimum, all of the
relevant elements listed in the GLB Act
and the privacy rule? If not, should it
include a statement advising the
consumer that an institution’s complete
privacy policy will be provided upon
request?

E:\FR\FM\30DEP1.SGM

30DEP1

75168

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules

5. Should certain elements, such as a
description of a consumer’s opt-out
rights (if applicable), be given
prominence or be presented in a certain
order?
6. Should statements describing
information sharing practices not
subject to a consumer’s right to opt-out,
such as whether a financial institution
discloses information to nonaffiliated
financial institutions under joint
marketing agreements for financial
products or services, be highlighted in
the short notice?
C. Language of a Privacy Notice
1. Are there particular ‘‘privacy’’
terms or words that consumers readily
understand that should be included in
a short notice? Should any terms or
language currently used in notices be
avoided?
2. Should a financial institution be
required to use standardized clauses in
a short notice?
3. Rather than using standardized
language, should a financial institution
be permitted to develop its own
language in a short notice so long as the
short notice incorporates specified items
of information?
D. Format of a Privacy Notice
1. Should the Agencies develop a
standardized graphic design for a short
notice that financial institutions would
use? If so, what graphic design would be
most suitable for the format of a short
notice?
2. Based on experiences with the
current privacy notices or tests that have
been conducted in this area, what
alternative forms of notice are likely to
be useful to consumers and/or to
financial institutions?
3. Is there a suggested length for a
short privacy notice? Is there a
suggested length for phrases or
sentences within a short notice?
4. Are there suggestions for overall
design of the notice, including layout,
use of color, graphic devices, font(s),
and size(s) of the text in the notice?
5. If a financial institution does not
disclose information to third parties that
would be subject to a consumer’s right
to opt out (under either the FCRA or the
GLB Act), what form should the privacy
notice take?
6. Should an institution be allowed to
modify its short privacy notice to
include elements that may be required
under state laws? If so, then how can a
short notice be designed to include
those elements?

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

E. Mandatory or Permissible Aspects of
a Privacy Notice
1. Should use of a short notice be
mandatory for all financial institutions?
2. Should use of standardized
language and/or format for a short
notice be mandatory for all financial
institutions? Or should each institution
be permitted to create its own short
notice following agency guidelines?
3. If a short notice is standardized,
should only part(s) of the notice be
mandatory, and, if so, what part(s)? Or
should all of a standardized short notice
be mandatory?
4. If use of standardized part(s), such
as standardized clauses, is not required,
should the Agencies create a safe harbor
from administrative enforcement for
financial institutions that use the
standardized parts in their notices (or a
whole, standardized notice)?
5. Should an institution be required or
permitted to deliver both a short notice
and a long notice?
6. Financial institutions that generally
do not share information with third
parties—such as those that do not have
any affiliates and do not share
information in a manner that is subject
to a consumer’s right to opt out under
the FCRA or the GLB Act and do not
engage in joint marketing agreements—
currently may have abbreviated and
simple notices. If a short notice is
mandated, should the Agencies make an
exception to allow these institutions to
continue to use the simple, abbreviated
notices they currently use?
Alternatively, should the Agencies
prescribe a special short notice for these
institutions to use?
7. Some financial institutions offer
consumers choices to opt out of
information-sharing arrangements that
are not mandated by either the FCRA or
the GLB Act, such as the ability to opt
out of an institution’s own marketing or
joint marketing arrangements with
nonaffiliated financial institutions for
financial products or services. If a short
notice is mandated, should the Agencies
allow these institutions to include in the
short notice information about these
additional choices to opt out?
8. Should the Agencies allow
financial institutions to include other
information that relates to their privacy
policies and practices in their short
notices? For instance, should a financial
institution that shares information with
affiliates for marketing purposes only if
a customer opts in to the sharing be
permitted to include this information in
a short notice?

PO 00000

Frm 00021

Fmt 4702

Sfmt 4702

F. Costs and Benefits of a Short Notice
With respect to consumers or
financial institutions, or both:
1. What are the costs and benefits of
providing a short notice and how do
they compare with the requirements
under the current privacy rule?
2. How, if at all, do the costs and
benefits of a short notice depend on:
a. Whether the notice is mandatory or
permissible?
b. Whether the format of the notice is
standardized? On whether the language
is standardized?
c. Whether the use of a short notice
requires financial institutions to make
supplemental privacy information
available upon request?
G. Additional Information
1. Are there any models or samples of
notices that work particularly well with
consumers that the Agencies should
consider? Provide any samples and
research or supporting documentation.
2. Provide the results and supporting
research or documentation of any
consumer testing that has been
conducted in this area.
3. What processes or types of
consumer testing should the Agencies
use to evaluate standardized terms or
language, formats for notices, and short
notices?
4. If the Agencies adopt an alternative
form of notice, should consumer
education accompany introduction of
the new type of notice? If so, what type
of consumer education would be
effective?
IV. Conclusion
In the event that the Agencies decide
to proceed, the Agencies expect to do so
through proposed rulemaking. In
addition to evaluating the comments
submitted in response to this ANPR, the
Agencies contemplate that consumer
testing would be an important element
of the development of any alternative
type of privacy notice.
By Order of the Board of Directors.
Dated at Washington, DC, this 2nd day of
December, 2003. Federal Deposit Insurance
Corporation.
Robert E. Feldman,
Executive Secretary.
By the National Credit Union
Administration Board on December 18, 2003.
Becky Baker,
Secretary of the Board.

E:\FR\FM\30DEP1.SGM

30DEP1

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules
Dated: December 22, 2003.
By the Securities and Exchange Commission.

75169

Dated: December 8, 2003.

By order of the Board of Governors of the
Federal Reserve System, December 22, 2003.
Jennifer J. Johnson,
Secretary of the Board.

Dated: November 14, 2003.
John D. Hawke, Jr.,
Comptroller of the Currency.

Deputy Secretary.

By Direction of the Commission.
Donald S. Clark,
Secretary.

Dated: December 18, 2003.
Jean A. Webb,
Secretary of the Commodity Futures Trading
Commission.

Margaret H. McFarland,

By the Office of Thrift Supervision,
James E. Gilleran,
Director.

BILLING CODE 4810–33–P; 6210–01–P; 6714–01–P;
6720–01–P; 7535–01–P; 6750–01–P; 6351–01–P; 8010–01–
P

Dated: December 17, 2003.

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

PO 00000

Frm 00022

Fmt 4702

Sfmt 4702

E:\FR\FM\30DEP1.SGM

30DEP1

VerDate jul<14>2003

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules

20:19 Dec 29, 2003

Jkt 203001

PO 00000

Frm 00023

Fmt 4702

Sfmt 4725

E:\FR\FM\30DEP1.SGM

30DEP1

EP30DE03.000</GPH>

75170

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

PO 00000

Frm 00024

Fmt 4702

Sfmt 4725

E:\FR\FM\30DEP1.SGM

30DEP1

75171

EP30DE03.001</GPH>

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules

VerDate jul<14>2003

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules

20:19 Dec 29, 2003

Jkt 203001

PO 00000

Frm 00025

Fmt 4702

Sfmt 4725

E:\FR\FM\30DEP1.SGM

30DEP1

EP30DE03.002</GPH>

75172

VerDate jul<14>2003

20:19 Dec 29, 2003

Jkt 203001

PO 00000

Frm 00026

Fmt 4702

Sfmt 4725

E:\FR\FM\30DEP1.SGM

30DEP1

75173

EP30DE03.003</GPH>

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules

75174

Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules


Federal Reserve Bank of St. Louis, One Federal Reserve Bank Plaza, St. Louis, MO 63102