We in the Compliance Department spent many hours writing a privacy policy we thought would meet the requirements of the GLB Act. Unfortunately, that policy has fallen in to the hands of our (wonderful)marketing folks, who decided to "tweak " it to make it sound more "warm and fuzzy". I have no problem with warm and fuzzy, but every place we used the term "customer" or "consumer", they have substituted "client". (That is our own bank terminology, and we apply that term to both consumers and customers.) However, because this is a document that is written to comply with a particular law, my feeling is that we should use the terminology provided for in the Act. Am I right, or am I just being an overly fussy Compliance nerd?

If you define "client" as applying to both consumers and customers, you should be fine. I would include that clause right into the policy document so there is no mis-interpretation.

The one sticking point that may be an issue is how you treat consumers and customers in terms of what info you disclose and if "opt-out" applies in your situation. That is where the "client" versus "consumer" or "customer" could cause you some confusion.