Is there industry guidance on what disclosure of privacy and security should be on a website of a nonbank (The Nonbank does not do business with consumers. Nonbank is a subsidiary of a bank holding company.) When I looked at various companies' website privacy/security disclosures, they were widely varied....from no disclosure to a disclosure much like you would find on a bank website.