[House Report 114-59]
[From the U.S. Government Publishing Office]


114th Congress    }                                       {      Report
                        HOUSE OF REPRESENTATIVES
 1st Session      }                                       {      114-59

======================================================================



 
                 ELIMINATE PRIVACY NOTICE CONFUSION ACT

                                _______
                                

 April 13, 2015.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

       Mr. Hensarling, from the Committee on Financial Services, 
                        submitted the following

                              R E P O R T

                        [To accompany H.R. 601]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Financial Services, to whom was referred 
the bill (H.R. 601) to amend the Gramm-Leach-Bliley Act to 
provide an exception to the annual privacy notice requirement, 
having considered the same, report favorably thereon without 
amendment and recommend that the bill do pass.

                          Purpose and Summary

    H.R. 601, the Eliminate Privacy Notice Confusion Act, would 
create exemptions from annual privacy notice requirements 
imposed by federal law for a financial institution that: (1) 
provides nonpublic personal information about consumers to 
unaffiliated third parties only in accordance with exceptions 
under the Gramm-Leach-Bliley Act (e.g. service providers, law 
enforcement, or as necessary to fulfill a transaction requested 
by the customer), or (2) has not changed its disclosure 
policies and practices since the most recent disclosure was 
sent to consumers.

                  Background and Need for Legislation

    The Gramm-Leach-Bliley Act of 1999 (P.L. 106-102) requires 
financial institutions to issue privacy disclosure notices to 
consumers that detail the institution's privacy policies if it 
shares customers' non-public personal information with 
affiliates or third parties. The law also requires institutions 
to notify existing and potential customers of their right to 
opt out of sharing non-public personal information with third 
parties. Such disclosures are required to occur when a customer 
relationship is first established with the institution and 
annually in written form as long as the relationship continues, 
even if no changes to the disclosure policies have occurred.
    Requiring financial institutions to send annual privacy 
notices even when no policy changes have been made can be 
redundant, unnecessary, and confusing, considering that many 
consumers often ignore these mailings. Producing and mailing 
these notices cost institutions millions of dollars.\1\ 
Eliminating the requirement would remove an additional expense 
for financial institutions, thereby helping to save valuable 
staff resources and lower the cost of financial services, while 
also making the mailings more significant to the consumer 
because they would come only after a change in policy.
---------------------------------------------------------------------------
    \1\TBD.
---------------------------------------------------------------------------
    On October 20, 2014, the Consumer Financial Protection 
Bureau (CFPB) finalized a rule that allows financial 
institutions to post their annual privacy notices online 
instead of delivering them individually if they meet a series 
of conditions, including not sharing the customer's nonpublic 
personal information with nonaffiliated third parties. H.R. 601 
improves on the CFPB's rule, because it eliminates the annual 
privacy policy notice requirement for an institution that does 
not share information with non-affiliated third parties and 
does not change its privacy policy from the last time it was 
disclosed. H.R. 601 provides a simple and flexible approach, 
unlike the CFPB's final regulation, which adds unnecessary 
layers of conditions and qualifications.
    In a joint letter dated March 23, 2015, the American 
Bankers Association (ABA), American Financial Services 
Association (AFSA), Consumer Bankers Association (CBA), Credit 
Union National Association (CUNA), Financial Services 
Roundtable (FSR), Independent Community Bankers of America 
(ICBA), Midsize Bank Coalition of America (MBCA), Mortgage 
Bankers Association (MBA), and National Association of Federal 
Credit Unions wrote:

          The Gramm-Leach-Bliley Act for the first time created 
        an explicit privacy regime for those covered by the 
        law. A key element of this regime is the requirement to 
        provide customers copies of privacy notices every year, 
        even if privacy policies do not change. These notices 
        have become somewhat notorious for confusing customers 
        with several pages of small-print legalese, as mandated 
        by financial regulators. There is broad agreement that 
        repeatedly flooding consumers with complicated notices, 
        usually restating a policy that has not changed in 
        years, has little value for either customers or 
        financial institutions. In fact, customers have become 
        so inured to the notices that they are largely 
        discarded unread immediately upon receipt. H.R. 601 
        would greatly improve this regime by ensuring that 
        customers have access to privacy policies including a 
        paper notice if they choose to receive one. However, 
        institutions will no longer be required to mail an 
        annual paper notice so long as their policy is 
        unchanged and the notice is available online and upon 
        request, saving millions of pounds of paper every year. 
        This legislation is a common-sense improvement that 
        will help consumers. Having unanimously passed the 
        House in previous Congresses, the bill has consistent 
        broad bipartisan support. We appreciate your efforts on 
        this issue and look forward to working with you and 
        your colleagues to better serve consumers.

    Appearing before the Committee on March 18, 2015, Adam J. 
Levitin, Professor of Law, Georgetown University Law Center, 
testified:

          One thing that I think should go the way of the Dodo 
        bird are the Gramm-Leach-Bliley privacy notices. Nobody 
        reads them. If anything, the only effect they have 
        would be to lull consumers into thinking they actually 
        have some privacy rights. There is no reason anyone 
        should--even the large banks, should [be] spending 
        money on giving those notices.

                                Hearings

    The Committee on Financial Services held no hearings on 
H.R. 601 in the 114th Congress.

                        Committee Consideration

    The Committee on Financial Services met in open session on 
March 25, 2015, and March 26, 2015, and ordered H.R. 601 to be 
reported favorably to the House without amendment by a recorded 
vote of 57 yeas to 0 nays (Record vote no. FC-14), a quorum 
being present.

                            Committee Votes

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the record votes 
on the motion to report legislation and amendments thereto. The 
sole vote in committee was a motion by Chairman Hensarling to 
report the bill favorably to the House without amendment. The 
motion was agreed to by a recorded vote of 57 yeas to 0 nays 
(Record vote no. FC-14), a quorum being present.


                      Committee Oversight Findings

    Pursuant to clause 3(c)(1) of rule XIII of the Rules of the 
House of Representatives, the findings and recommendations of 
the Committee, based on oversight activities under clause 
2(b)(1) of rule X of the Rules of the House of Representatives, 
are incorporated in the descriptive portions of this report.

                    Performance Goals and Objectives

    Pursuant to clause 3(c)(4) of rule XIII of the Rules of the 
House of Representatives, the Committee states that H.R. 601 
will end the practice of sending annual privacy disclosures to 
consumers that are redundant, unnecessary, and confusing, by 
exempting financial institutions from the requirement to send 
such disclosures in certain circumstances.

   New Budget Authority, Entitlement Authority, and Tax Expenditures

    In compliance with clause 3(c)(2) of rule XIII of the Rules 
of the House of Representatives, the Committee adopts as its 
own the estimate of new budget authority, entitlement 
authority, or tax expenditures or revenues contained in the 
cost estimate prepared by the Director of the Congressional 
Budget Office pursuant to section 402 of the Congressional 
Budget Act of 1974.

                        Committee Cost Estimate

    The Committee adopts as its own the cost estimate prepared 
by the Director of the Congressional Budget Office pursuant to 
section 402 of the Congressional Budget Act of 1974.

                 Congressional Budget Office Estimates

    Pursuant to clause 3(c)(3) of rule XIII of the Rules of the 
House of Representatives, the following is the cost estimate 
provided by the Congressional Budget Office pursuant to section 
402 of the Congressional Budget Act of 1974:

                                     U.S. Congress,
                               Congressional Budget Office,
                                     Washington, DC, April 7, 2015.
Hon. Jeb Hensarling,
Chairman, Committee of Financial Services,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 601, the Eliminate 
Privacy Notice Confusion Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Susan Willie.
            Sincerely,
                                                Keith Hall,
                                                          Director.
    Enclosure.

H.R. 601--Eliminate Privacy Notice Confusion Act

    Under current law, financial institutions must provide 
customers with an annual notice of their policies for 
disclosing personal information about customers to third 
parties. H.R. 601 would exempt financial institutions from that 
requirement if their policies remain unchanged from the most 
recent disclosure statement that was sent to customers.
    CBO estimates that enacting H.R. 601 would increase direct 
spending; therefore, pay-as-you-go procedures apply. However, 
based on information from the Bureau of Consumer Financial 
Protection (CFPB), CBO estimates that enacting H.R. 601 would 
not significantly affect the workload of the agency and any 
additional costs would be insignificant. CBO estimates that 
enacting H.R. 601 would not affect revenues. Implementing the 
bill would not affect discretionary costs because the CFPB is 
permanently authorized to spend amounts transferred from the 
Federal Reserve System.
    H.R. 601 contains no intergovernmental or private-sector 
mandates as defined in the Unfunded Mandates Reform Act and 
would not affect the budgets of state, local, or tribal 
governments.
    The CBO staff contact for this estimate is Susan Willie. 
The estimate was approved by Theresa Gullo, Assistant Director 
for Budget Analysis.

                       Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                      Advisory Committee Statement

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

                         Earmark Identification

    H.R. 601 does not contain any congressional earmarks, 
limited tax benefits, or limited tariff benefits as defined in 
clause 9 of rule XXI.

                    Duplication of Federal Programs

    Pursuant to section 3(g) of H. Res. 5, 114th Cong. (2015), 
the Committee states that no provision of H.R. 601 establishes 
or reauthorizes a program of the Federal Government known to be 
duplicative of another Federal program, a program that was 
included in any report from the Government Accountability 
Office to Congress pursuant to section 21 of Public Law 
111-139, or a program related to a program identified in the most 
recent Catalog of Federal Domestic Assistance.

                   Disclosure of Directed Rulemaking

    Pursuant to section 3(i) of H. Res. 5, 114th Cong. (2015), 
the Committee states that H.R. 601 does not require any 
directed rulemakings.

             Section-by-Section Analysis of the Legislation


Section 1. Short title

    This section cites H.R. 601 as the ``Eliminate Privacy 
Notice Confusion Act.''

Section 2. Exception to annual privacy notice requirement under the 
        Gramm-Leach-Bliley Act

    This section creates an exception to the annual privacy 
notice requirement so long as a financial institution: (1) only 
provides nonpublic personal information in accordance with 
exceptions under the Gramm-Leach-Bliley Act (e.g. service 
providers, law enforcement, or as necessary to fulfill a 
transaction requested by the customer) or agency rules; and (2) 
has not changed its privacy policies and practices from those 
disclosed in the most recent disclosure sent to consumers.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (new matter is 
printed in italic and existing law in which no change is 
proposed is shown in roman):

GRAMM-LEACH-BLILEY ACT

           *       *       *       *       *       *       *



                            TITLE V--PRIVACY

Subtitle A--Disclosure of Nonpublic Personal Information

           *       *       *       *       *       *       *


SEC. 503. DISCLOSURE OF INSTITUTION PRIVACY POLICY.

  (a) Disclosure Required.--At the time of establishing a 
customer relationship with a consumer and not less than 
annually during the continuation of such relationship, a 
financial institution shall provide a clear and conspicuous 
disclosure to such consumer, in writing or in electronic form 
or other form permitted by the regulations prescribed under 
section 504, of such financial institution's policies and 
practices with respect to--
          (1) disclosing nonpublic personal information to 
        affiliates and nonaffiliated third parties, consistent 
        with section 502, including the categories of 
        information that may be disclosed;
          (2) disclosing nonpublic personal information of 
        persons who have ceased to be customers of the 
        financial institution; and
          (3) protecting the nonpublic personal information of 
        consumers.
  (b) Regulations.--Disclosures required by subsection (a) 
shall be made in accordance with the regulations prescribed 
under section 504.
  (c) Information To Be Included.--The disclosure required by 
subsection (a) shall include--
          (1) the policies and practices of the institution 
        with respect to disclosing nonpublic personal 
        information to nonaffiliated third parties, other than 
        agents of the institution, consistent with section 502 
        of this subtitle, and including--
                  (A) the categories of persons to whom the 
                information is or may be disclosed, other than 
                the persons to whom the information may be 
                provided pursuant to section 502(e); and
                  (B) the policies and practices of the 
                institution with respect to disclosing of 
                nonpublic personal information of persons who 
                have ceased to be customers of the financial 
                institution;
          (2) the categories of nonpublic personal information 
        that are collected by the financial institution;
          (3) the policies that the institution maintains to 
        protect the confidentiality and security of nonpublic 
        personal information in accordance with section 501; 
        and
          (4) the disclosures required, if any, under section 
        603(d)(2)(A)(iii) of the Fair Credit Reporting Act.
  (d) Exemption for Certified Public Accountants.--
          (1) In general.--The disclosure requirements of 
        subsection (a) do not apply to any person, to the 
        extent that the person is--
                  (A) a certified public accountant;
                  (B) certified or licensed for such purpose by 
                a State; and
                  (C) subject to any provision of law, rule, or 
                regulation issued by a legislative or 
                regulatory body of the State, including rules 
                of professional conduct or ethics, that 
                prohibits disclosure of nonpublic personal 
                information without the knowing and expressed 
                consent of the consumer.
          (2) Limitation.--Nothing in this subsection shall be 
        construed to exempt or otherwise exclude any financial 
        institution that is affiliated or becomes affiliated 
        with a certified public accountant described in 
        paragraph (1) from any provision of this section.
          (3) Definitions.--For purposes of this subsection, 
        the term ``State'' means any State or territory of the 
        United States, the District of Columbia, Puerto Rico, 
        Guam, American Samoa, the Trust Territory of the 
        Pacific Islands, the Virgin Islands, or the Northern 
        Mariana Islands.
  (e) Model Forms.--
          (1) In general.--The agencies referred to in section 
        504(a)(1) shall jointly develop a model form which may 
        be used, at the option of the financial institution, 
        for the provision of disclosures under this section.
          (2) Format.--A model form developed under paragraph 
        (1) shall--
                  (A) be comprehensible to consumers, with a 
                clear format and design;
                  (B) provide for clear and conspicuous 
                disclosures;
                  (C) enable consumers easily to identify the 
                sharing practices of a financial institution 
                and to compare privacy practices among 
                financial institutions; and
                  (D) be succinct, and use an easily readable 
                type font.
          (3) Timing.--A model form required to be developed by 
        this subsection shall be issued in proposed form for 
        public comment not later than 180 days after the date 
        of enactment of this subsection.
          (4) Safe harbor.--Any financial institution that 
        elects to provide the model form developed by the 
        agencies under this subsection shall be deemed to be in 
        compliance with the disclosures required under this 
        section.
  (f) Exception to Annual Notice Requirement.--A financial 
institution that--
          (1) provides nonpublic personal information only in 
        accordance with the provisions of subsection (b)(2) or 
        (e) of section 502 or regulations prescribed under 
        section 504(b), and
          (2) has not changed its policies and practices with 
        regard to disclosing nonpublic personal information 
        from the policies and practices that were disclosed in 
        the most recent disclosure sent to consumers in 
        accordance with this section,
shall not be required to provide an annual disclosure under 
this section until such time as the financial institution fails 
to comply with any criteria described in paragraph (1) or (2).

           *       *       *       *       *       *       *

