Do most banks have a formal privacy policy in addition to the privacy notice or are banks just using the wording in the notice as their policy?


Thanks!

I've seen it used both ways, but at my shop I prefer a separate policy from the notice, with the notice as an appendix.

I too have seen both ways, though bigger banks seem to have a separate policy while smaller banks just use their notice. Also, many ethics policies cover privacy which could eliminate the need for a separate privacy policy.

Regulation P is a relatively unimportant regulation driven by the one time distribution of a disclosure. Any policy for that topic alone would be verbose once you passed the second paragraph; i.e. it is unnecessary.

The broader topic of "Privacy" would incorporate information security and all other ways that banks can hemorrhage customer information. It would be a double edged sword; i.e. you could make a grandiose statement that could be used against you in the wrong situation. Write it if you need it, but don't over promise.