At first I didn't think we needed to adopt the model privacy notice because we do not share information other than those permitted. The notice we are currently using states what informatin we collect, what we may disclose necessary to effect, administer or enforce a transaction at customer request or authorization, our security procedures, and a general commitment regarding customer privacy.

My guestion if we do not sell information to direct marketing companies, do we have to adopt the new model notice? and does it have to be in the same format?

There is no requirement to use the model no matter what you do. It is only if you use the model correctly, you are covered under the safe harbor provisions.

Thanks. After sending the first post, I went to the tools sections for the forms, still not sure which of the opt/out forms we need to be using?

Doesn't sound like you share information that would require an opt-out.

I continue to be perplexed regarding the Definition section on the second page if the bank is under a holding company structure with no other affiliates and there is no sharing. Based on the instructions for this section, should we state “[name of financial institution] has no affiliates” or “[name of financial institution] does not share with our affiliates”?

Bump - Compliance Poster - I'm curious about your question as well. Did you ever get an answer?