Beginning May 28, 2019 certain dealers and merchants will be able to avoid sending out an annual privacy notice, under a revision the Commodity Futures Trading Commission has made to its GLB privacy regulations. Under GLB, financial institutions must send customers annual privacy notices. The law applies to futures commission merchants, commodities trading advisors, commodity pool operators, and introducing brokers through regulations enforced by the CFTC. The CFTC, unlike other regulators that enforce GLB, had not prior to this amendment permitted regulated entities to avoid an annual notice. Other regulators had done so, pursuant to a 2015 amendment to GLB, in certain proscribed circumstances.
Now, as with other regulators, the CFTC will allow covered entities to avoid sending an annual notice provided that the covered entities share nonpublic personal information only in limited circumstances and have not changed their privacy practices since the last-sent privacy notice. The circumstances in which a covered entity can share nonpublic personal information and still avoid sending an annual notice include sharing with a third party to perform services for the covered entity, to perform a transaction that a consumer authorizes, or with the consumer’s consent.
Putting it Into Practice: Entities regulated by the CFTC will now enjoy the same exception to the annual notice requirement as other financial services firms. Companies who are thinking about whether or not the exception applies should examine their sharing practices, as well as understand whether any practices have changed since the last-sent notice.