Final Model Privacy Form Under the Gramm-Leach-Bliley Act
A Small Entity Compliance Guide1
On December 1, 2009, the Securities and Exchange Commission ("Commission"), together with seven other federal agencies, published in the Federal Register amendments to the rules implementing certain privacy provisions of the Gramm-Leach-Bliley Act ("GLB Act") and adopting a model privacy form. The GLB Act and the Commission's Regulation S-P require brokers, dealers, investment advisers registered with the Commission, and investment companies ("SEC entities") to provide initial and annual privacy notices to their customers. These notices must describe the entities' information-sharing practices and inform customers of their right to opt out of certain of these practices. The model privacy form is designed to make it easier for consumers to understand how financial institutions collect and share their personal financial information and to compare different institutions' information practices.
SEC entities may rely on the model privacy form as a safe harbor to comply with these disclosure requirements. The Commission also is eliminating the guidance associated with the use of notices that incorporate the sample clauses in Regulation S-P.
The amendments became effective on December 31, 2009, except for the amendments eliminating the sample clauses and associated guidance, those become effective for notices sent after December 31, 2010.
The Model Privacy Form
The model privacy form is a two-page disclosure form. It is designed to be succinct and comprehensible and allow consumers to easily compare the privacy practices of different financial institutions. Use of the model privacy form is voluntary. An SEC entity that chooses to use the model privacy form consistent with the instructions to the form will satisfy the disclosure requirements for privacy notices under the GLB Act and Regulation S P (i.e., will obtain a "safe harbor").
To rely on the safe harbor, SEC entities must, among other requirements, present the model privacy form in a way that is clear, conspicuous, and intact, so that a customer can retain the content of the model form. In addition, they must provide the model form to customers using the same page orientation (portrait), format, and order of elements as provided in the rule amendments (and shown in the form). SEC entities may not change the content of the form or add any information, except as specifically permitted in the instructions to the form. SEC entities may customize the form only where terms or spaces are shown in brackets, by either selecting from the menu of terms provided in the instructions to the form, or inserting the relevant information, as indicated in the instructions to the form.
Provided that an SEC entity's use of the model privacy form meets these standards, it may:
Online Form Builder
The Commission is also providing a link on its website to an online model privacy form builder that any SEC entity may download and complete to create a customized privacy notice.
Elimination of Sample Clauses and Associated Guidance
Regulation S-P currently contains an appendix with sample clauses that SEC entities can use as guidance in designing their privacy notices. The amendments remove the sample clauses from Regulation S-P effective January 1, 2012, and SEC entities may no longer use them as guidance for privacy notices they provide after December 31, 2010. Although only the final model privacy form provides a safe harbor for compliance with the privacy disclosure provisions under the GLB Act and Regulation S-P, SEC entities may continue to use other types of notices that vary from the model privacy form, including notices that use the sample clauses, so long as these notices comply with the GLB Act and Regulation S-P.
The adopting release can be found on the Commission's web site at http://www.sec.gov/rules/final/2009/34-61003.pdf. The text of the rule amendments can be accessed through the "Investment Management" section of the Commission's website.
Contacting the Securities and Exchange Commission
Staff in the Commission's Divisions of Investment Management and Trading and Markets are available to answer questions about the model privacy form. The Office of Chief Counsel in each division answers questions submitted by email and telephone. You can submit a question by e-mail to the Division of Investment Management at email@example.com and a staff member of the office will call you to discuss your question. You can also contact the Division of Investment Management's Office of Chief Counsel at (202) 551-6825 or the Division of Trading and Markets' Office of Chief Counsel at (202) 551-5550.
1 This guide was prepared by the staff of the U.S. Securities and Exchange Commission as a "small entity compliance guide" under Section 212 of the Small Business Regulatory Enforcement Fairness Act of 1996, as amended. The guide summarizes and explains rule amendments adopted by the Commission, but is not a substitute for any rule. Only Regulation S-P can provide complete and definitive information regarding its requirements.