The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
l l★K Federal Reserve Bank of Dallas 2200 N. PEARL ST. DALLAS, TX 75201-2272 February 10, 2004 Notice 04-06 TO: The Chief Executive Officer of each financial institution and foreign agency in the Eleventh Federal Reserve District SUBJECT Interagency Proposal to Consider Alternative Forms of Privacy Notices Under the Gramm-Leach-Bliley Act DETAILS The Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Federal Trade Commission, the Commodity Futures Trading Commission, and the Securities and Exchange Commission have requested comment on an interagency proposal. The proposal seeks comment on whether the agencies should consider amending the regulations that implement sections 502 and 503 of the Gramm-Leach-Bliley Act (GLB Act) to allow or require financial institutions to provide alternative types of privacy notices, such as a short privacy notice, that would be easier for consumers to understand. The Board must receive comments by March 29, 2004. Please address comments to Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, N.W., Washington, DC 20551. Also, you may mail comments electronically to regs.comments@federalreserve.gov. All comments should refer to Docket No. R1173. For additional copies, bankers and others are encouraged to use one of the following toll-free numbers in contacting the Federal Reserve Bank of Dallas: Dallas Office (800) 333-4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012; Houston Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San Antonio Branch Intrastate (800) 292-5810. -2ATTACHMENT A copy of the Board’s notice as it appears on pages 75164–74, Vol. 68, No. 249 of the Federal Register dated December 30, 2003, is attached. MORE INFORMATION For more information, please contact Diane van Gelder, Banking Supervision Department, at (214) 922-6282. Paper copies of this notice or previous Federal Reserve Bank notices can be printed from our web site at www.dallasfed.org/banking/notices/index.html. Federal Register Tuesday December 30, 2003 DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency 12 CFR Part 40 [Docket No. 03–27] FEDERAL RESERVE SYSTEM 12 CFR Part 216 [Docket No. R–1173] FEDERAL DEPOSIT INSURANCE CORPORATION 12 CFR Part 332 RIN 3064–AC77 DEPARTMENT OF THE TREASURY Office of Thrift Supervision 12 CFR Part 573 [Docket No. 2003–62] RIN 1550–AB86 NATIONAL CREDIT UNION ADMINISTRATION 12 CFR Part 716 FEDERAL TRADE COMMISSION 16 CFR Part 313 RIN 3084–AA94 Project No. 034815 COMMODITY FUTURES TRADING COMMISSION 17 CFR Part 160 RIN 3038–AC04 SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 248 [Release Nos. 34–48966, IA–2206, IC–26316; File No. S7–30–03] RIN 3235–AJ06 Interagency Proposal to Consider Alternative Forms of Privacy Notices Under the Gramm-Leach-Bliley Act 75164 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency 12 CFR Part 40 [Docket No. 03–27] FEDERAL RESERVE SYSTEM 12 CFR Part 216 [Docket No. R–1173] FEDERAL DEPOSIT INSURANCE CORPORATION 12 CFR Part 332 RIN 3064–AC77 DEPARTMENT OF THE TREASURY Office of Thrift Supervision 12 CFR Part 573 [Docket No. 2003–62] RIN 1550–AB86 NATIONAL CREDIT UNION ADMINISTRATION 12 CFR Part 716 FEDERAL TRADE COMMISSION 16 CFR Part 313 RIN 3084–AA94 Project No. 034815 COMMODITY FUTURES TRADING COMMISSION 17 CFR Part 160 RIN 3038–AC04 SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 248 [Release Nos. 34–48966, IA–2206, IC–26316; File No. S7–30–03] RIN 3235–AJ06 Interagency Proposal to Consider Alternative Forms of Privacy Notices Under the Gramm-Leach-Bliley Act AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); Office of Thrift Supervision, Treasury (OTS); Board of Governors of the Federal Reserve System (Board); Federal Deposit Insurance Corporation (FDIC); National Credit Union Administration (NCUA); Federal Trade Commission (FTC); Commodity Futures Trading Commission (CFTC); and Securities and Exchange Commission (SEC). VerDate jul<14>2003 21:02 Dec 29, 2003 Jkt 203001 PO 00000 Frm 00017 Fmt 4702 Sfmt 4702 ACTION: Advance notice of proposed rulemaking. SUMMARY: The OCC, OTS, Board, FDIC, NCUA, FTC, CFTC, and SEC (the Agencies) are requesting comment on whether the Agencies should consider amending the regulations that implement sections 502 and 503 of the Gramm-Leach-Bliley Act (GLB Act) to allow or require financial institutions to provide alternative types of privacy notices, such as a short privacy notice, that would be easier for consumers to understand. DATES: Comments must be submitted on or before March 29, 2004. ADDRESSES: Because the Agencies will jointly review all of the comments submitted, interested parties may send comments to any of the Agencies and need not send comments (or copies) to all of the Agencies. Commenters that submit trade secrets or confidential commercial or financial information may request confidential treatment of that information in accordance with the Freedom of Information Act (5 U.S.C. 552) and the Agencies’ respective regulations regarding availability of information. Because paper mail in the Washington area and at the Agencies is subject to delay, please consider submitting your comments by e-mail. Commenters are encouraged to use the title ‘‘Alternative Forms of Privacy Notices’’ to facilitate the organization and distribution of comments among the Agencies. Interested parties are invited to submit written comments to: Office of the Comptroller of the Currency: Public Information Room, Office of the Comptroller of the Currency, 250 E Street, SW., Mail stop 1–5, Washington, DC 20219, Attention: Docket No. 03–27, Fax number (202) 874–4448 or Internet address: regs.comments@occ.treas.gov. Comments may be inspected and photocopied at the OCC’s Public Information Room, 250 E Street, SW., Washington, DC. You can make an appointment to inspect the comments by calling (202) 874–5043. Office of Thrift Supervision: Send comments to Regulation Comments, Chief Counsel’s Office, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552, Attention: No. 2003–62. Delivery: Hand deliver comments to the Guard’s Desk, East Lobby Entrance, 1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, Attention: Regulation Comments, Chief Counsel’s Office, Attention: No. 2003– 62. Facsimiles: Send facsimile transmissions to FAX Number (202) 906–6518, Attention: No. 2003–62. E- E:\FR\FM\30DEP1.SGM 30DEP1 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules Mail: Send e-mails to regs.comments@ots.treas.gov, Attention: No. 2003–62 and include your name and telephone number. Due to temporary disruptions in mail service in the Washington, DC area, commenters are encouraged to send comments by fax or e-mail, if possible. Availability of comments: OTS will post comments and the related index on the OTS Internet Site at www.ots.treas.gov. In addition, you may inspect comments at the Public Reading Room, 1700 G Street, NW., by appointment. To make an appointment for access, call (202) 906–5922, send an e-mail to public.info@ots.treas.gov, or send a facsimile transmission to (202) 906–7755. (Please identify the materials you would like to inspect to assist us in serving you.) We schedule appointments on business days between 10 a.m. and 4 p.m. In most cases, appointments will be available the business day after the date we receive a request. Board of Governors of the Federal Reserve System: Comments should refer to Docket No. R–1173 and may be mailed to Ms. Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW., Washington, DC 20551. Please consider submitting your comments by e-mail to regs.comments@federalreserve.gov, or faxing them to the Office of the Secretary at (202) 452–3819 or (202) 452–3102. Members of the public may inspect comments in Room MP–500 between 9 a.m. and 5 p.m. on weekdays pursuant to section 261.12, except as provided in section 261.14, of the Board’s Rules Regarding Availability of Information, 12 CFR 261.12 and 261.14. Federal Deposit Insurance Corporation: Send written comments to Robert E. Feldman, Executive Secretary, Attention: Comments/Executive Secretary Section, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429. Comments also may be mailed electronically to comments@fdic.gov. Comments may be hand delivered to the guard station at the rear of the 17th Street building (located on F Street) on business days between 7 a.m. and 5 p.m.; Fax Number (202) 898–3838. Comments may be inspected and photocopied in the FDIC Public Information Center, Room 100, 801 17th Street, NW., Washington, DC 20429, between 9 a.m. and 5 p.m. on business days. National Credit Union Administration: Comments should be directed to Becky Baker, Secretary of the Board. Mail or hand deliver comments to: National Credit Union Administration, 1775 Duke Street, VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 75165 Alexandria, VA 22314–3428. You are encouraged to fax comments to (703) 518–6319 or email comments to regcomments@ncua.gov. Whatever method you choose, please send comments by one method only. Federal Trade Commission: Comments should refer to ‘‘Alternative Forms of Privacy Notices, Project No. P034815.’’ Comments filed in paper form should be mailed or delivered to: Federal Trade Commission/Office of the Secretary, Room 159–H, 600 Pennsylvania Avenue, NW., Washington, DC 20580. Comments filed in electronic form (in ASCII format, WordPerfect, or Microsoft Word) should be sent to: GLBnotices@ftc.gov. If the comment contains any material for which confidential treatment is requested, it must be filed in paper (rather than electronic) form, and the first page of the document must be clearly labeled ‘‘Confidential.’’ 1 Regardless of the form in which they are filed, the Commission will consider all timely comments, and will make the comments available (with confidential material redacted) for public inspection and copying at the Commission’s principal office and on the Commission Web site at www.ftc.gov. As a matter of discretion, the Commission makes every effort to remove home contact information for individuals from the public comments it receives before placing those comments on the FTC Web site. Commodity Futures Trading Commission: Comments should be directed to Jean A. Webb, Secretary, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street, NW., Washington, DC 20581. Comments may be sent by facsimile transmission to (202) 418– 5528 or by e-mail to secretary@cftc.gov. Securities and Exchange Commission: To help us process and review your comments more efficiently, comments should be sent by hard copy or e-mail, but not by both methods. Comments sent by hard copy should be submitted in triplicate to Jonathan G. Katz, Secretary, Securities and Exchange Commission, 450 5th Street, NW., Washington, DC 20549–0609. Comments may also be submitted electronically at the following e-mail address: rule-comments@sec.gov. All comment letters should refer to File No. S7–30–03. This file number should be included on the subject line if e-mail is used. Comment letters will be available for public inspection and copying in the Commission’s Public Reference Room, 450 5th Street, NW., Washington, DC 20549. All comments received will be posted on the Commission’s Internet Web site (http://www.sec.gov) and made available for public inspection and copying in the Commission’s Public Reference Room, 450 Fifth Street, NW., Washington, DC 20549.2 FOR FURTHER INFORMATION CONTACT: OCC: Amy Friend, Assistant Chief Counsel, (202) 874–5200; Stephen Van Meter, Assistant Director, Community and Consumer Law Division, (202) 874– 5750; or Heidi Thomas, Special Counsel, Legislative and Regulatory Activities Division, (202) 874–5090. OTS: Elizabeth C. Baltierra, Program Analyst (Compliance) Compliance Policy, (202) 906–6540; or Paul Robin, Special Counsel, Regulations and Legislation Division, (202) 906–6648. Board: Thomas E. Scanlon, Counsel, Legal Division, (202) 452–3594; MinhDuc T. Le or Ky Tran-Trong, Senior Attorneys, Division of Consumer and Community Affairs, (202) 452–3667. FDIC: April A. Breslaw, Chief, Compliance Section, (202) 898–6609; David P. Lafleur, Policy Analyst, Division of Supervision and Consumer Protection, (202) 898–6569; Ruth R. Amberg, Senior Counsel, (202) 898– 3736, or Robert A. Patrick, Counsel, Legal Division, (202) 898–3757. NCUA: Regina Metz, Staff Attorney, (703) 518–6561, or Ross Kendall, Staff Attorney, Office of General Counsel, (703) 518–6562. FTC: Toby Milgrom Levin, Senior Attorney, (202) 326–3713, or Loretta Garrison, Senior Attorney, (202) 326– 3043. CFTC: Laura Richards, Senior Assistant General Counsel, (202) 418– 5126, or David B. Jacobsohn, Counsel, (202) 418–5161, Office of the General Counsel. SEC: Brian Baysinger, Special Counsel, Office of Chief Counsel, Division of Market Regulation, (202) 942–0073; or Penelope Saltzman, Senior Counsel, Division of Investment Management, (202) 942–0690. SUPPLEMENTARY INFORMATION: 1 Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must also be accompanied by an explicit request for confidential treatment, including the factual and legal basis for the request, and must identify the specific portions of the comment to be withheld from the public record. The request will be granted or denied by the Commission’s General Counsel, consistent with applicable law and the public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c). I. Background PO 00000 Frm 00018 Fmt 4702 Sfmt 4702 Subtitle A of title V of the GLB Act, captioned Disclosure of Nonpublic 2 The FDIC and SEC do not edit personal, identifying information such as names or e-mail addresses from electronic submissions. Submit only information you wish to make publicly available. E:\FR\FM\30DEP1.SGM 30DEP1 75166 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules Personal Information (codified at 15 U.S.C. 6801 et seq.), requires each financial institution to provide a notice of its privacy policies and practices to its consumer customers. In general, the privacy notices must describe a financial institution’s policies and practices with respect to disclosing nonpublic personal information about a consumer to both affiliated and nonaffiliated third parties and provide a consumer a reasonable opportunity to direct the institution not to share nonpublic personal information about the consumer with nonaffiliated third parties. The privacy notice must also provide, where applicable under the Fair Credit Reporting Act (FCRA), a notice and an opportunity for a consumer to opt out of the sharing of certain information among affiliates.3 The Agencies have published consistent final regulations that implement the privacy provisions of the GLB Act (collectively referred to as ‘‘the privacy rule’’).4 The privacy rule requires a financial institution to include in its privacy notices specific items of information, such as the categories of nonpublic personal information that the institution collects and the categories of third parties to which the institution may disclose the information. The rule contains sample clauses that institutions may use in privacy notices. The rule does not, however, prescribe any specific format or standardized wording for these notices. Instead, institutions may design their own notices based on their individual practices provided they are consistent with the law and meet the ‘‘clear and conspicuous’’ standard in the rule. Financial institutions first were required to distribute privacy notices to their customers by July 1, 2001. Many privacy notices in this initial effort were long and complex. Moreover, because the privacy rule allows institutions flexibility in designing their privacy notices, notices have been difficult to compare, even among financial institutions with identical privacy policies. In response to broad-based concerns expressed by representatives of financial institutions, consumers, privacy advocates, and Members of Congress, the Agencies conducted a workshop in December 2001 to provide a forum to consider how financial institutions could provide more useful privacy 3 15 U.S.C. 1681a(d)(2)(A)(iii) (FCRA); 15 U.S.C. 6803(b)(4) (GLB Act). 4 12 CFR part 40 (OCC); 12 CFR part 216 (Board); 12 CFR part 332 (FDIC); 12 CFR part 573 (OTS); 12 CFR part 716 (NCUA); 16 CFR part 313 (FTC); 17 CFR part 160 (CFTC); and 17 CFR part 248 (SEC). VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 notices to consumers. The workshop featured panel presentations by financial institutions, consumer advocates, and communications experts, and highlighted key communication principles to improve the notices. A number of institutions, particularly those with complex information-sharing practices, described the challenges they faced in explaining their practices and the choices available to consumers in a simple fashion while meeting all of the legal requirements for notice. Some institutions described results of consumer testing and efforts to make their privacy notices clearer and more useful to consumers. A number of financial institutions have since sought to improve their notices. Additionally, some industry groups have been working to formulate short, consumer-friendly notices that could accompany the longer, legally mandated notices under the rule. The Agencies applaud the efforts by consumer advocates and industry to improve privacy notices to make them more readable and useful to consumers. To encourage and facilitate the efforts already underway, the Agencies are considering proposing amendments to the privacy rule to provide for privacy notices that are more understandable and useful to consumers. The Agencies believe that this effort could benefit significantly from the breadth and depth of experience that many institutions have gained over the past two years in designing privacy notices, as well as the expertise of communications experts and the input of consumer organizations and comments from the public. Accordingly, the Agencies seek comment on a wide range of issues associated with the format, elements, and language used in privacy notices that would make the notices more accessible, readable, and useful. The Agencies also solicit examples of forms, model clauses, and other information, such as applicable research that has been conducted in this area, that may provide concrete illustrations or evidence to assist the Agencies in considering whether and how to develop various proposals.5 5 As stated above, the Agencies will jointly review all of the comments submitted, including those comments submitted to only one agency. Commenters may request confidential treatment of any trade secrets and commercial or financial information that is privileged or confidential information provided to the Agencies in accordance with the Freedom of Information Act (5 U.S.C. 552) and the Agencies’ respective regulations regarding availability of information. 12 CFR part 4, subparts B and C (OCC); 12 CFR part 505 (OTS); 12 CFR part 261, subparts A and B (Board); 12 CFR part 309 (FDIC); 12 CFR 792.29 (NCUA); 16 CFR 4.10 (FTC); 17 CFR 145.9 (Petition for Confidential Treatment) (CFTC); 17 CFR part 200, subpart D (SEC). PO 00000 Frm 00019 Fmt 4702 Sfmt 4702 Some of the terms and examples used in this Advance Notice of Proposed Rulemaking (ANPR) and sample notices are not suitable for credit unions, which have an organizational and operational structure that is different than other financial institutions. For example, the term customer, in the context of credit unions, generally will mean member, and while credit unions may form subsidiaries, they do not establish corporate affiliations like other financial institutions. Nevertheless, because of the predominance of issues that are common to all types of financial institutions, the NCUA believes its participation is important at this ANPR stage, whether or not it ultimately determines to publish a separate, but consistent and comparable, rule for credit unions. Based on the information collected for this ANPR, including information collected through independent research conducted by the Agencies, the Agencies will determine whether to propose changes to the privacy rule and, if so, will seek further public comment on specific proposals. The Agencies expect that consumer testing would be a key component in the development of any specific proposals. II. General Considerations for Improving Privacy Notices The Agencies are considering developing a range of alternative proposals for public comment to improve the privacy notices that financial institutions must provide to consumers under the GLB Act. The primary matter the Agencies are now considering is whether to develop a model privacy notice that would be short and simple. In order to illustrate, generally, this type of short notice and to spur specific suggestions for additional ideas that the Agencies should consider, a few of the potential alternative approaches are summarized below. These alternatives are also intended to help frame a number of important questions beyond the design of a short notice, such as whether all financial institutions should be required to use the same form of notice and whether a short notice could be a substitute for or should be a supplement to a longer, more detailed notice. The sample notices included in the appendices do not reflect a determination by the Agencies that any of these notices would be satisfactory under the privacy rule or for any particular financial institution. The Agencies note that these alternatives have not been developed as a result of specific research or consumer testing and are not being proposed for E:\FR\FM\30DEP1.SGM 30DEP1 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules adoption. The Agencies specifically invite suggestions for other approaches to improve the readability and usefulness of privacy notices as set out in section III. As an initial matter, the Agencies request comment on whether to pursue the development of a short privacy notice. The Agencies note that, should they do so, there are several ways the Agencies could exercise their authority for developing a short notice, and the Agencies have not settled on any single approach. The Agencies could, for example, explore whether an interagency interpretation of the privacy rule, perhaps with model forms or language, would promote the development of privacy notices that are more understandable and useful to consumers. Similarly, the Agencies could develop a set of guidelines or best practices that would enable financial institutions to improve their privacy notices, or the Agencies could propose amendments to the privacy rule. The Agencies request comment on what approaches would be most useful to consumers while taking into consideration the burden on financial institutions. The Agencies have identified the following approaches to simplify the privacy notices for consideration by commenters. One approach would be for the Agencies to develop a specific format and standardized language for a short notice that highlights key elements of an institution’s privacy policy. For instance, a short notice could describe the types of nonpublic personal information an institution collects, the institution’s policies for sharing that information with third parties, and a description of how consumers can opt out of information sharing. Like a nutrition label, a standardized notice would permit consumers easily to compare these elements of the privacy policies of different institutions and to become familiar with the standardized format and text. This type of form could include a description of how the consumer could obtain a longer, detailed privacy notice or be provided in combination with a longer, detailed privacy notice. An example illustrating this kind of format and language for a short notice appears in Appendix A. In a similar approach, the Agencies could develop a short notice with a specific format and standardized language that would be designed to address all of the relevant elements listed in the GLB Act and the privacy rule. Such a notice would permit consumers to compare all relevant elements listed under federal law of the privacy policies of different institutions. VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 However, since information sharing practices may vary, a financial institution may need flexibility in describing the categories of affiliated and nonaffiliated parties to whom it discloses nonpublic personal information. An example illustrating this kind of format and language appears in Appendix B and the categories of parties that may be modified by a financial institution appear in brackets. Another approach to simplifying privacy notices would involve establishing a standardized format for privacy notices, but allowing financial institutions to provide their own descriptions of their privacy policies and practices. This potential approach may simplify privacy notices and make them more accessible for consumers, yet would permit each financial institution to tailor the language in the notice to suit its own privacy policies and practices. An example of a standardized format is included in Appendix C. Alternatively, the Agencies could prescribe standardized language that a financial institution would use to design its own notice without a format specified by the privacy rule. Standardized language may facilitate comparisons among financial institutions’ policies and describe key consumer rights so that consumers could become familiar with circumstances under which information about them may be disclosed to third parties. Another approach would be to focus attention on the consumer’s right to opt out of disclosures available under the institution’s privacy policies. For example, the opt-out notice could be provided by itself, with a statement that the institution’s privacy policy is available on request. Alternatively, a description of the consumer’s opt out right and how it could be exercised could be provided on the first page of a financial institution’s privacy notice. The Agencies could prescribe the language, and its placement so as to ensure prominence and readability, but not require any further standardization of privacy notices. An example of this type of notice is included in Appendix D. Detailed descriptions of ways to improve privacy notices, such as examples of language that may be used, illustrations of formats, and references to the particular requirements of the privacy rule that may need to be amended, will assist the Agencies in learning about and evaluating particular proposals. This ANPR outlines several potential approaches. The Agencies invite comment on the advantages and PO 00000 Frm 00020 Fmt 4702 Sfmt 4702 75167 disadvantages of these approaches. Also, the Agencies request comment on any other approach the Agencies should consider. III. Request for Comments Any change in the privacy rule to provide for short notices raises a number of issues. In addition to comment on the various approaches discussed above or illustrated in the appendices, the Agencies request comment and supporting research and documentation on other matters that may be raised by the implementation of a short privacy notice. In particular, the Agencies invite comment on the following questions and supporting documentation where available: A. Goals of a Privacy Notice 1. What should be the goals of a privacy notice? What goals are most important? 2. Should the Agencies pursue the development of a short notice to achieve these goals? 3. Are there any special issues for the Agencies to consider in developing a short privacy notice that may arise from potential differences between federal and state law requirements? 4. In what ways should a privacy notice be useful to a consumer? Please identify those ways that are the most or least important. a. To permit ready comparison among different institutions’ privacy policies? b. To provide sufficient information to make an informed decision about whether to opt out? c. To highlight the consumer’s right to opt out? d. To provide convenient mechanisms for the consumer to opt out? e. To provide a mechanism for the consumer to opt out in the same medium used to provide the privacy notice? f. Other ways? B. Elements of a Privacy Notice 1. What are the key elements of a privacy policy that a short notice should contain? 2. Are these key elements the same from the perspective of institutions and consumers? If not, explain the differences and why. 3. Is there an optimal number of elements (beyond which would be too many) to include in a short notice? 4. Should a short privacy notice contain, at a minimum, all of the relevant elements listed in the GLB Act and the privacy rule? If not, should it include a statement advising the consumer that an institution’s complete privacy policy will be provided upon request? E:\FR\FM\30DEP1.SGM 30DEP1 75168 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules 5. Should certain elements, such as a description of a consumer’s opt-out rights (if applicable), be given prominence or be presented in a certain order? 6. Should statements describing information sharing practices not subject to a consumer’s right to opt-out, such as whether a financial institution discloses information to nonaffiliated financial institutions under joint marketing agreements for financial products or services, be highlighted in the short notice? C. Language of a Privacy Notice 1. Are there particular ‘‘privacy’’ terms or words that consumers readily understand that should be included in a short notice? Should any terms or language currently used in notices be avoided? 2. Should a financial institution be required to use standardized clauses in a short notice? 3. Rather than using standardized language, should a financial institution be permitted to develop its own language in a short notice so long as the short notice incorporates specified items of information? D. Format of a Privacy Notice 1. Should the Agencies develop a standardized graphic design for a short notice that financial institutions would use? If so, what graphic design would be most suitable for the format of a short notice? 2. Based on experiences with the current privacy notices or tests that have been conducted in this area, what alternative forms of notice are likely to be useful to consumers and/or to financial institutions? 3. Is there a suggested length for a short privacy notice? Is there a suggested length for phrases or sentences within a short notice? 4. Are there suggestions for overall design of the notice, including layout, use of color, graphic devices, font(s), and size(s) of the text in the notice? 5. If a financial institution does not disclose information to third parties that would be subject to a consumer’s right to opt out (under either the FCRA or the GLB Act), what form should the privacy notice take? 6. Should an institution be allowed to modify its short privacy notice to include elements that may be required under state laws? If so, then how can a short notice be designed to include those elements? VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 E. Mandatory or Permissible Aspects of a Privacy Notice 1. Should use of a short notice be mandatory for all financial institutions? 2. Should use of standardized language and/or format for a short notice be mandatory for all financial institutions? Or should each institution be permitted to create its own short notice following agency guidelines? 3. If a short notice is standardized, should only part(s) of the notice be mandatory, and, if so, what part(s)? Or should all of a standardized short notice be mandatory? 4. If use of standardized part(s), such as standardized clauses, is not required, should the Agencies create a safe harbor from administrative enforcement for financial institutions that use the standardized parts in their notices (or a whole, standardized notice)? 5. Should an institution be required or permitted to deliver both a short notice and a long notice? 6. Financial institutions that generally do not share information with third parties—such as those that do not have any affiliates and do not share information in a manner that is subject to a consumer’s right to opt out under the FCRA or the GLB Act and do not engage in joint marketing agreements— currently may have abbreviated and simple notices. If a short notice is mandated, should the Agencies make an exception to allow these institutions to continue to use the simple, abbreviated notices they currently use? Alternatively, should the Agencies prescribe a special short notice for these institutions to use? 7. Some financial institutions offer consumers choices to opt out of information-sharing arrangements that are not mandated by either the FCRA or the GLB Act, such as the ability to opt out of an institution’s own marketing or joint marketing arrangements with nonaffiliated financial institutions for financial products or services. If a short notice is mandated, should the Agencies allow these institutions to include in the short notice information about these additional choices to opt out? 8. Should the Agencies allow financial institutions to include other information that relates to their privacy policies and practices in their short notices? For instance, should a financial institution that shares information with affiliates for marketing purposes only if a customer opts in to the sharing be permitted to include this information in a short notice? PO 00000 Frm 00021 Fmt 4702 Sfmt 4702 F. Costs and Benefits of a Short Notice With respect to consumers or financial institutions, or both: 1. What are the costs and benefits of providing a short notice and how do they compare with the requirements under the current privacy rule? 2. How, if at all, do the costs and benefits of a short notice depend on: a. Whether the notice is mandatory or permissible? b. Whether the format of the notice is standardized? On whether the language is standardized? c. Whether the use of a short notice requires financial institutions to make supplemental privacy information available upon request? G. Additional Information 1. Are there any models or samples of notices that work particularly well with consumers that the Agencies should consider? Provide any samples and research or supporting documentation. 2. Provide the results and supporting research or documentation of any consumer testing that has been conducted in this area. 3. What processes or types of consumer testing should the Agencies use to evaluate standardized terms or language, formats for notices, and short notices? 4. If the Agencies adopt an alternative form of notice, should consumer education accompany introduction of the new type of notice? If so, what type of consumer education would be effective? IV. Conclusion In the event that the Agencies decide to proceed, the Agencies expect to do so through proposed rulemaking. In addition to evaluating the comments submitted in response to this ANPR, the Agencies contemplate that consumer testing would be an important element of the development of any alternative type of privacy notice. By Order of the Board of Directors. Dated at Washington, DC, this 2nd day of December, 2003. Federal Deposit Insurance Corporation. Robert E. Feldman, Executive Secretary. By the National Credit Union Administration Board on December 18, 2003. Becky Baker, Secretary of the Board. E:\FR\FM\30DEP1.SGM 30DEP1 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules Dated: December 22, 2003. By the Securities and Exchange Commission. 75169 Dated: December 8, 2003. By order of the Board of Governors of the Federal Reserve System, December 22, 2003. Jennifer J. Johnson, Secretary of the Board. Dated: November 14, 2003. John D. Hawke, Jr., Comptroller of the Currency. Deputy Secretary. By Direction of the Commission. Donald S. Clark, Secretary. Dated: December 18, 2003. Jean A. Webb, Secretary of the Commodity Futures Trading Commission. Margaret H. McFarland, By the Office of Thrift Supervision, James E. Gilleran, Director. BILLING CODE 4810–33–P; 6210–01–P; 6714–01–P; 6720–01–P; 7535–01–P; 6750–01–P; 6351–01–P; 8010–01– P Dated: December 17, 2003. VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 PO 00000 Frm 00022 Fmt 4702 Sfmt 4702 E:\FR\FM\30DEP1.SGM 30DEP1 VerDate jul<14>2003 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules 20:19 Dec 29, 2003 Jkt 203001 PO 00000 Frm 00023 Fmt 4702 Sfmt 4725 E:\FR\FM\30DEP1.SGM 30DEP1 EP30DE03.000</GPH> 75170 VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 PO 00000 Frm 00024 Fmt 4702 Sfmt 4725 E:\FR\FM\30DEP1.SGM 30DEP1 75171 EP30DE03.001</GPH> Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules VerDate jul<14>2003 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules 20:19 Dec 29, 2003 Jkt 203001 PO 00000 Frm 00025 Fmt 4702 Sfmt 4725 E:\FR\FM\30DEP1.SGM 30DEP1 EP30DE03.002</GPH> 75172 VerDate jul<14>2003 20:19 Dec 29, 2003 Jkt 203001 PO 00000 Frm 00026 Fmt 4702 Sfmt 4725 E:\FR\FM\30DEP1.SGM 30DEP1 75173 EP30DE03.003</GPH> Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules 75174 Federal Register / Vol. 68, No. 249 / Tuesday, December 30, 2003 / Proposed Rules
@FedFRASER