My thoughts
(1) No you do not need to restrict access to the dual employees. They need access to the customer information when then are wearing their bank hats.
(2) Providing the customer with the bank's privacy notice is ALWAYS a good idea. Also provideing the customers with a copy of the 3rd party investment broker's privacy notice along with a clear explanation as to the relationship between the bank and the 3rd party broker is also ALWAYS a good idea. As I tell our WM folks, there is no problem in overdisclosing what our privacy policy is. It's only when we don't do it that we have problems.
(3) I would review the 3rd party agreement that you no doubt have that addresses the clearing arrangements, account ownership, what the reps can and can't do, who will pay who and how much, etc. My guess is that contract will contain the privacy information you are seeking. If it doesn't, then I would consult with the persons at your institution that negotiated the contract to find out if there was a particular reason why it was excluded. (Also take a look at GLBA relative to the existing contract with the 3rd party. Does the contract, contain all of the GLBA requirements? - the information you are seeking may be included in that section.)
FYI our WM division is also part of the bank, not an affiliate. But we do have a wholly-owned bank subsidiary that is a broker dealer. The activities of the BD fall under the WM division umbrella so it gets rather complicated. I think the difference between you and us, is that you are dealing with a dual employees between your 3rd party- unaffiliated BD and your bank. I deal with dual employees between our bank and our BD.