For area bankers, it’s the time of year to send annual Privacy Notices to comply with the Gramm-Leach-Bliley Act.

Despite recent Congressional attempts to change the requirement, the Gramm-Leach-Bliley Act (“GLBA”) still requires sending customers an annual Notice of Privacy Practices.

During the 2012 Congress, H.R. 5817 entitled the “Eliminate Privacy Notice Confusion Act” was introduced by Missouri Congressman Blaine Luetkemeyer, which would have eliminated the need for financial institutions and others to provide customers an annual Privacy Notice. The bill passed the House but failed in the U.S. Senate. The bill has been reintroduced this Congressional session as H.R. 749, has passed the House and is pending in the Senate.

Accordingly, despite rumors to the contrary, it is still necessary to send bank customers an annual Privacy Notice. Also note that by now your bank should have revised its Notice of Privacy Practices to comply with formatting and disclosure safe harbors which became effective January 1, 2011. Basically, if your current Privacy Notice is solid text filled with “legalese” it is likely the old form. The new form has easier to read graphics, boxed disclosures and “plain English.”

When the GLBA was originally enacted in 1999, federal regulators approved recommended Privacy Notice disclosure language only to subsequently withdraw that guidance in favor of a new model Privacy Notice form. Federal regulators determined that the previous model language was confusing to consumers and did not adequately convey information concerning their privacy rights. Use of the new model Privacy Notice form provides a “safe harbor” to financial institutions that utilize the form but, to achieve safe harbor status, the financial institution must use the exact form prescribed by the regulators and, in addition, complete the boxes using the “form builder” software which incorporates standard phrases found in the guidance issued in the Federal Register on April 16, 2010.

Essentially, financial institutions are given four variations of the model form:

  • A Privacy Notice with an “opt out” option with affiliate marketing;
  • A Privacy Notice with an “opt out” option without affiliate marketing;
  • A Privacy Notice with no opt out option with affiliate marketing; and
  • A Privacy Notice with no opt out option without affiliate marketing.

There is a “form builder” available online at the website of each primary regulator to assist financial institutions in developing a Privacy Notice that reflects that institution’s privacy practices. While the Privacy Notice is only two pages in length, the directions for preparing and completing the form run over 100 pages and includes mandatory language for “filling in the blanks.”

Accordingly, check your current Privacy Notice form to verify it complies with GLBA standards. Remember the Privacy Notice must still be sent to customers annually, at least until Congress acts on H.R. 749 and it is signed into law. If you would like assistance in reviewing or revising your Privacy Notice, contact Davenport Evans at 605-336-2880 or find direct lines and attorney email through the links below and at  

Davenport Evans Financial Institutions Group 

  Keith A. Gauer   Charles D. Gullickson   Robert E. Hayes   Dixie K. Hieb   Douglas J. Hajek   Vince M. Roche


Davenport, Evans, Hurwitz & Smith, LLP, located in Sioux Falls, South Dakota, is one of the State’s largest law firms. The firm’s attorneys provide business and litigation counsel to individuals and corporate clients in a variety of practice areas. For more information about Davenport Evans, visit or call 605-336-2880.