We're having a discussion about the number of notices that we are required to provide. If a customer has more than one account, e.g., a checking account and a savings account (both titled with the individual's name and SS#), may we send one notice to cover both accounts or must we send a notice for each account? It would seem that since, under ____.4(d), we are not required to give a new notice to an exisiting customer who has already received one (provided the one the customer received is still accurate), that one notice would suffice for customers with multiple accounts, but I can't find that in writing anywhere.

------------------
Opinions expressed are my own and are not necessarily those of my employer.

The intent of the regulation is to notify "consumers" or "customers". It would be unreasonable to expect us to send notices on a per account basis. Look to the section _____.9(g). In the case of joint owners, one notice to the consumers jointly satisfies the requirements, which eliminates the "per account" notification.

Mailing by SS# is the most efficient method to use for your existing customer base.

Privacy disclosures can be posted on web sites. The question is, is the disclosure required to be posted on the web site?

While privacy statements can be posted on a Web site, that is not a way to ensure delivery to all required customers. I do believe it is an appropriate place for an Internet specific or combined privacy statement.

You may confuse a lot of people if they do not use the Net and you start talking about giving cookies away and what happens if they hurl their cookies.

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

I agree that web placement in general won't ensure customer receipt. The notice on our page is internet-specific. However, my question is are we required to place the "non-internet specific" notice on the web page.

I attended an internet compliance seminar a few weeks ago. The presenter told us that your online privacy statement should always be "1 click" away from wherever the customer (consumer) is on your site. In other words, they should be able to access your privacy policy regardles of where they are on your website. Does that help?

But which privacy policy? The privacy policy that is specific to the internet is there but I'm wondering if we are required to post the privacy policy that we intend to hand to customers that bank in person. The policy posted on the web site strictly speaks to accessing our web site.

I am at a large NY bank and we were required to have a privacy policy before any of the rest of you because of a groundbreaking pre-GLB merger. Examiners have reviewed our websites and okayed what we have. We have our general privacy promise on our websites, which then links to our internet privacy promise. We are under a number of regulators and they all like this. so the answer to "which" is "both".

Thanks, makes sense.