The following was sent by a vendor in an email:
In late October the CFPB issued a final rule that will allow some institutions to avoid the expense of mailing annual privacy disclosures. Under the new rule, effective October 28, 2014, institutions that meet the requirements of the CFPB’s “alternative delivery method” will no longer have to mail their privacy disclosures every year as long as they:
• Are not required to provide an opt-out;
• Have not changed their privacy notice since the last time it was given;
• Do not use the privacy notice as the only way to comply with Affiliate Marketing requirements, if applicable;
• Use the Model privacy notice; and
• Do not reside in the states of Vermont or California as these states have their own Privacy regulations and have yet to comment on if the CFPB's Alternative Delivery method can be used.
Is that last statement accurate and if so, how do I go about finding out if CA law is going to accept the new alternative method for annual disclosures for those who do not share? I have customers in several states, along with CA. Otherwise, I am stuck with the traditional privacy mailing instead of the new method of notice on statements and putting the disclosure on my website.