17 CFR 248.9 - Delivering privacy and opt out notices.

Status message

There is 1 rule appearing in the Federal Register for 17 CFR 248. View below or at eCFR (GPOAccess)
prev | next
§ 248.9 Delivering privacy and opt out notices.
(a) How to provide notices. You must provide any privacy notices and opt out notices, including short-form initial notices that this subpart requires so that each consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically.
(b)
(1) Examples of reasonable expectation of actual notice. You may reasonably expect that a consumer will receive actual notice if you:
(i) Hand-deliver a printed copy of the notice to the consumer;
(ii) Mail a printed copy of the notice to the last known address of the consumer;
(iii) For the consumer who conducts transactions electronically, post the notice on the electronic site and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining a particular financial product or service; or
(iv) For an isolated transaction with the consumer, such as an ATM transaction, post the notice on the ATM screen and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining the particular financial product or service.
(2) Examples of unreasonable expectation of actual notice. You may not, however, reasonably expect that a consumer will receive actual notice of your privacy policies and practices if you:
(i) Only post a sign in your branch or office or generally publish advertisements of your privacy policies and practices; or
(ii) Send the notice via electronic mail to a consumer who does not obtain a financial product or service from you electronically.
(c) Annual notices only.
(1) You may reasonably expect that a customer will receive actual notice of your annual privacy notice if:
(i) The customer uses your web site to access financial products and services electronically and agrees to receive notices at the web site and you post your current privacy notice continuously in a clear and conspicuous manner on the web site; or
(ii) The customer has requested that you refrain from sending any information regarding the customer relationship, and your current privacy notice remains available to the customer upon request.
(2) Example of reasonable expectation of receipt of annual privacy notice. You may reasonably expect that consumers who share an address will receive actual notice of your annual privacy notice if you deliver the notice with or in a stockholder or shareholder report under the conditions in 17 CFR 270.30d-1(f) or 17 CFR 270.30d-2(b), or with or in a prospectus under the conditions in 17 CFR 230.154.
(d) Oral description of notice insufficient. You may not provide any notice required by this subpart solely by orally explaining the notice, either in person or over the telephone.
(e) Retention or accessibility of notices for customers.
(1) For customers only, you must provide the initial notice required by § 248.4(a)(1), the annual notice required by § 248.5(a), and the revised notice required by § 248.8, so that the customer can retain them or obtain them later in writing or, if the customer agrees, electronically.
(2) Examples of retention or accessibility. You provide a privacy notice to the customer so that the customer can retain it or obtain it later if you:
(i) Hand-deliver a printed copy of the notice to the customer;
(ii) Mail a printed copy of the notice to the last known address of the customer; or
(iii) Make your current privacy notice available on a web site (or a link to another web site) for the customer who obtains a financial product or service electronically and agrees to receive the notice at the web site.
(f) Joint notice with other financial institutions. You may provide a joint notice from you and one or more of your affiliates or other financial institutions, as identified in the notice, as long as the notice is accurate with respect to you and the other institutions.
(g) Joint relationships. If two or more consumers jointly obtain a financial product or service from you, you may satisfy the initial, annual, and revised notice requirements of paragraph (a) of this section by providing one notice to those consumers jointly.

Title 17 published on 2013-04-01

The following are only the Rules published in the Federal Register after the published date of Title 17.

For a complete list of all Rules, Proposed Rules, and Notices view the Rulemaking tab.

  • 2013-04-19; vol. 78 # 76 - Friday, April 19, 2013
    1. 78 FR 23638 - Identity Theft Red Flags Rules
      GPO FDSys XML | Text
      SECURITIES AND EXCHANGE COMMISSION, COMMODITY FUTURES TRADING COMMISSION
      Joint final rules and guidelines.
      Effective date: May 20, 2013; Compliance date: November 20, 2013.
      17 CFR Part 162

Title 17 published on 2013-04-01

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 17 CFR 248 after this date.

  • 2013-04-19; vol. 78 # 76 - Friday, April 19, 2013
    1. 78 FR 23638 - Identity Theft Red Flags Rules
      GPO FDSys XML | Text
      SECURITIES AND EXCHANGE COMMISSION, COMMODITY FUTURES TRADING COMMISSION
      Joint final rules and guidelines.
      Effective date: May 20, 2013; Compliance date: November 20, 2013.
      17 CFR Part 162