So we share information with an affiliate that requires we provide opt-out. I believe the FAST exemptions from annual privacy notice mailings extend only to specific exemptions in Reg P, not FCRA. So in my situation, must we continue with an annual mailing?
It is my understanding that if you include your FCRA opt-out on the Reg P model privacy form, then yes, you must continue the annual mailing. If, however, you provide a separate FCRA opt-out, then you can avoid sending the annual privacy notice and opt-out. The FCRA does not require an annual opt-out mailing, but you would have to send the privacy notice/opt-out annually if you take the optional approach and use the Reg P privacy notice for the delivery of your FCRA opt-out.
From the preamble to the July 1, 2016 proposal:
Section 624 of the FCRA and Regulation V also permit (but do not require) financial institutions to incorporate any opt-out disclosures provided under section 624 of the FCRA and subpart C of Regulation V into privacy notices provided pursuant to the GLBA and Regulation P.
_________________________
Adam Witmer, CRCM
All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com