[Federal Register Volume 68, Number 249 (Tuesday, December 30, 2003)]
[Proposed Rules]
[Pages 75164-75174]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-31992]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 40

[Docket No. 03-27]

FEDERAL RESERVE SYSTEM

12 CFR Part 216

[Docket No. R-1173]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 332

RIN 3064-AC77

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 573

[Docket No. 2003-62]
RIN 1550-AB86

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 716

FEDERAL TRADE COMMISSION

16 CFR Part 313

RIN 3084-AA94 Project No. 034815

COMMODITY FUTURES TRADING COMMISSION

17 CFR Part 160

RIN 3038-AC04

SECURITIES AND EXCHANGE COMMISSION

17 CFR Part 248

[Release Nos. 34-48966, IA-2206, IC-26316; File No. S7-30-03]
RIN 3235-AJ06


Interagency Proposal to Consider Alternative Forms of Privacy 
Notices Under the Gramm-Leach-Bliley Act

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); 
Office of Thrift Supervision, Treasury (OTS); Board of Governors of the 
Federal Reserve System (Board); Federal Deposit Insurance Corporation 
(FDIC); National Credit Union Administration (NCUA); Federal Trade 
Commission (FTC); Commodity Futures Trading Commission (CFTC); and 
Securities and Exchange Commission (SEC).

ACTION: Advance notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The OCC, OTS, Board, FDIC, NCUA, FTC, CFTC, and SEC (the 
Agencies) are requesting comment on whether the Agencies should 
consider amending the regulations that implement sections 502 and 503 
of the Gramm-Leach-Bliley Act (GLB Act) to allow or require financial 
institutions to provide alternative types of privacy notices, such as a 
short privacy notice, that would be easier for consumers to understand.

DATES: Comments must be submitted on or before March 29, 2004.

ADDRESSES: Because the Agencies will jointly review all of the comments 
submitted, interested parties may send comments to any of the Agencies 
and need not send comments (or copies) to all of the Agencies. 
Commenters that submit trade secrets or confidential commercial or 
financial information may request confidential treatment of that 
information in accordance with the Freedom of Information Act (5 U.S.C. 
552) and the Agencies' respective regulations regarding availability of 
information. Because paper mail in the Washington area and at the 
Agencies is subject to delay, please consider submitting your comments 
by e-mail. Commenters are encouraged to use the title ``Alternative 
Forms of Privacy Notices'' to facilitate the organization and 
distribution of comments among the Agencies. Interested parties are 
invited to submit written comments to:
    Office of the Comptroller of the Currency: Public Information Room, 
Office of the Comptroller of the Currency, 250 E Street, SW., Mail stop 
1-5, Washington, DC 20219, Attention: Docket No. 03-27, Fax number 
(202) 874-4448 or Internet address: [email protected]. 
Comments may be inspected and photocopied at the OCC's Public 
Information Room, 250 E Street, SW., Washington, DC. You can make an 
appointment to inspect the comments by calling (202) 874-5043.
    Office of Thrift Supervision: Send comments to Regulation Comments, 
Chief Counsel's Office, Office of Thrift Supervision, 1700 G Street, 
NW., Washington, DC 20552, Attention: No. 2003-62. Delivery: Hand 
deliver comments to the Guard's Desk, East Lobby Entrance, 1700 G 
Street, NW., from 9 a.m. to 4 p.m. on business days, Attention: 
Regulation Comments, Chief Counsel's Office, Attention: No. 2003-62. 
Facsimiles: Send facsimile transmissions to FAX Number (202) 906-6518, 
Attention: No. 2003-62. E-

[[Page 75165]]

Mail: Send e-mails to [email protected], Attention: No. 
2003-62 and include your name and telephone number. Due to temporary 
disruptions in mail service in the Washington, DC area, commenters are 
encouraged to send comments by fax or e-mail, if possible. Availability 
of comments: OTS will post comments and the related index on the OTS 
Internet Site at www.ots.treas.gov. In addition, you may inspect 
comments at the Public Reading Room, 1700 G Street, NW., by 
appointment. To make an appointment for access, call (202) 906-5922, 
send an e-mail to public.info@ots.treas.gov">public.info@ots.treas.gov, or send a facsimile 
transmission to (202) 906-7755. (Please identify the materials you 
would like to inspect to assist us in serving you.) We schedule 
appointments on business days between 10 a.m. and 4 p.m. In most cases, 
appointments will be available the business day after the date we 
receive a request.
    Board of Governors of the Federal Reserve System: Comments should 
refer to Docket No. R-1173 and may be mailed to Ms. Jennifer J. 
Johnson, Secretary, Board of Governors of the Federal Reserve System, 
20th Street and Constitution Avenue, NW., Washington, DC 20551. Please 
consider submitting your comments by e-mail to [email protected], or faxing them to the Office of the Secretary at 
(202) 452-3819 or (202) 452-3102. Members of the public may inspect 
comments in Room MP-500 between 9 a.m. and 5 p.m. on weekdays pursuant 
to section 261.12, except as provided in section 261.14, of the Board's 
Rules Regarding Availability of Information, 12 CFR 261.12 and 261.14.
    Federal Deposit Insurance Corporation: Send written comments to 
Robert E. Feldman, Executive Secretary, Attention: Comments/Executive 
Secretary Section, Federal Deposit Insurance Corporation, 550 17th 
Street, NW., Washington, DC 20429. Comments also may be mailed 
electronically to [email protected]. Comments may be hand delivered to 
the guard station at the rear of the 17th Street building (located on F 
Street) on business days between 7 a.m. and 5 p.m.; Fax Number (202) 
898-3838. Comments may be inspected and photocopied in the FDIC Public 
Information Center, Room 100, 801 17th Street, NW., Washington, DC 
20429, between 9 a.m. and 5 p.m. on business days.
    National Credit Union Administration: Comments should be directed 
to Becky Baker, Secretary of the Board. Mail or hand deliver comments 
to: National Credit Union Administration, 1775 Duke Street, Alexandria, 
VA 22314-3428. You are encouraged to fax comments to (703) 518-6319 or 
email comments to [email protected]. Whatever method you choose, 
please send comments by one method only.
    Federal Trade Commission: Comments should refer to ``Alternative 
Forms of Privacy Notices, Project No. P034815.'' Comments filed in 
paper form should be mailed or delivered to: Federal Trade Commission/
Office of the Secretary, Room 159-H, 600 Pennsylvania Avenue, NW., 
Washington, DC 20580. Comments filed in electronic form (in ASCII 
format, WordPerfect, or Microsoft Word) should be sent to: 
[email protected]. If the comment contains any material for which 
confidential treatment is requested, it must be filed in paper (rather 
than electronic) form, and the first page of the document must be 
clearly labeled ``Confidential.'' \1\ Regardless of the form in which 
they are filed, the Commission will consider all timely comments, and 
will make the comments available (with confidential material redacted) 
for public inspection and copying at the Commission's principal office 
and on the Commission Web site at www.ftc.gov. As a matter of 
discretion, the Commission makes every effort to remove home contact 
information for individuals from the public comments it receives before 
placing those comments on the FTC Web site.
---------------------------------------------------------------------------

    \1\ Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must also 
be accompanied by an explicit request for confidential treatment, 
including the factual and legal basis for the request, and must 
identify the specific portions of the comment to be withheld from 
the public record. The request will be granted or denied by the 
Commission's General Counsel, consistent with applicable law and the 
public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------

    Commodity Futures Trading Commission: Comments should be directed 
to Jean A. Webb, Secretary, Commodity Futures Trading Commission, Three 
Lafayette Centre, 1155 21st Street, NW., Washington, DC 20581. Comments 
may be sent by facsimile transmission to (202) 418-5528 or by e-mail to 
[email protected].
    Securities and Exchange Commission: To help us process and review 
your comments more efficiently, comments should be sent by hard copy or 
e-mail, but not by both methods. Comments sent by hard copy should be 
submitted in triplicate to Jonathan G. Katz, Secretary, Securities and 
Exchange Commission, 450 5th Street, NW., Washington, DC 20549-0609. 
Comments may also be submitted electronically at the following e-mail 
address: [email protected]. All comment letters should refer to 
File No. S7-30-03. This file number should be included on the subject 
line if e-mail is used. Comment letters will be available for public 
inspection and copying in the Commission's Public Reference Room, 450 
5th Street, NW., Washington, DC 20549. All comments received will be 
posted on the Commission's Internet Web site (http://www.sec.gov) and 
made available for public inspection and copying in the Commission's 
Public Reference Room, 450 Fifth Street, NW., Washington, DC 20549.\2\
---------------------------------------------------------------------------

    \2\ The FDIC and SEC do not edit personal, identifying 
information such as names or e-mail addresses from electronic 
submissions. Submit only information you wish to make publicly 
available.

FOR FURTHER INFORMATION CONTACT:
    OCC: Amy Friend, Assistant Chief Counsel, (202) 874-5200; Stephen 
Van Meter, Assistant Director, Community and Consumer Law Division, 
(202) 874-5750; or Heidi Thomas, Special Counsel, Legislative and 
Regulatory Activities Division, (202) 874-5090.
    OTS: Elizabeth C. Baltierra, Program Analyst (Compliance) 
Compliance Policy, (202) 906-6540; or Paul Robin, Special Counsel, 
Regulations and Legislation Division, (202) 906-6648.
    Board: Thomas E. Scanlon, Counsel, Legal Division, (202) 452-3594; 
Minh-Duc T. Le or Ky Tran-Trong, Senior Attorneys, Division of Consumer 
and Community Affairs, (202) 452-3667.
    FDIC: April A. Breslaw, Chief, Compliance Section, (202) 898-6609; 
David P. Lafleur, Policy Analyst, Division of Supervision and Consumer 
Protection, (202) 898-6569; Ruth R. Amberg, Senior Counsel, (202) 898-
3736, or Robert A. Patrick, Counsel, Legal Division, (202) 898-3757.
    NCUA: Regina Metz, Staff Attorney, (703) 518-6561, or Ross Kendall, 
Staff Attorney, Office of General Counsel, (703) 518-6562.
    FTC: Toby Milgrom Levin, Senior Attorney, (202) 326-3713, or 
Loretta Garrison, Senior Attorney, (202) 326-3043.
    CFTC: Laura Richards, Senior Assistant General Counsel, (202) 418-
5126, or David B. Jacobsohn, Counsel, (202) 418-5161, Office of the 
General Counsel.
    SEC: Brian Baysinger, Special Counsel, Office of Chief Counsel, 
Division of Market Regulation, (202) 942-0073; or Penelope Saltzman, 
Senior Counsel, Division of Investment Management, (202) 942-0690.

SUPPLEMENTARY INFORMATION: 

I. Background

    Subtitle A of title V of the GLB Act, captioned Disclosure of 
Nonpublic

[[Page 75166]]

Personal Information (codified at 15 U.S.C. 6801 et seq.), requires 
each financial institution to provide a notice of its privacy policies 
and practices to its consumer customers. In general, the privacy 
notices must describe a financial institution's policies and practices 
with respect to disclosing nonpublic personal information about a 
consumer to both affiliated and nonaffiliated third parties and provide 
a consumer a reasonable opportunity to direct the institution not to 
share nonpublic personal information about the consumer with 
nonaffiliated third parties. The privacy notice must also provide, 
where applicable under the Fair Credit Reporting Act (FCRA), a notice 
and an opportunity for a consumer to opt out of the sharing of certain 
information among affiliates.\3\
---------------------------------------------------------------------------

    \3\ 15 U.S.C. 1681a(d)(2)(A)(iii) (FCRA); 15 U.S.C. 6803(b)(4) 
(GLB Act).
---------------------------------------------------------------------------

    The Agencies have published consistent final regulations that 
implement the privacy provisions of the GLB Act (collectively referred 
to as ``the privacy rule'').\4\ The privacy rule requires a financial 
institution to include in its privacy notices specific items of 
information, such as the categories of nonpublic personal information 
that the institution collects and the categories of third parties to 
which the institution may disclose the information. The rule contains 
sample clauses that institutions may use in privacy notices. The rule 
does not, however, prescribe any specific format or standardized 
wording for these notices. Instead, institutions may design their own 
notices based on their individual practices provided they are 
consistent with the law and meet the ``clear and conspicuous'' standard 
in the rule.
---------------------------------------------------------------------------

    \4\ 12 CFR part 40 (OCC); 12 CFR part 216 (Board); 12 CFR part 
332 (FDIC); 12 CFR part 573 (OTS); 12 CFR part 716 (NCUA); 16 CFR 
part 313 (FTC); 17 CFR part 160 (CFTC); and 17 CFR part 248 (SEC).
---------------------------------------------------------------------------

    Financial institutions first were required to distribute privacy 
notices to their customers by July 1, 2001. Many privacy notices in 
this initial effort were long and complex. Moreover, because the 
privacy rule allows institutions flexibility in designing their privacy 
notices, notices have been difficult to compare, even among financial 
institutions with identical privacy policies.
    In response to broad-based concerns expressed by representatives of 
financial institutions, consumers, privacy advocates, and Members of 
Congress, the Agencies conducted a workshop in December 2001 to provide 
a forum to consider how financial institutions could provide more 
useful privacy notices to consumers. The workshop featured panel 
presentations by financial institutions, consumer advocates, and 
communications experts, and highlighted key communication principles to 
improve the notices. A number of institutions, particularly those with 
complex information-sharing practices, described the challenges they 
faced in explaining their practices and the choices available to 
consumers in a simple fashion while meeting all of the legal 
requirements for notice. Some institutions described results of 
consumer testing and efforts to make their privacy notices clearer and 
more useful to consumers.
    A number of financial institutions have since sought to improve 
their notices. Additionally, some industry groups have been working to 
formulate short, consumer-friendly notices that could accompany the 
longer, legally mandated notices under the rule. The Agencies applaud 
the efforts by consumer advocates and industry to improve privacy 
notices to make them more readable and useful to consumers.
    To encourage and facilitate the efforts already underway, the 
Agencies are considering proposing amendments to the privacy rule to 
provide for privacy notices that are more understandable and useful to 
consumers. The Agencies believe that this effort could benefit 
significantly from the breadth and depth of experience that many 
institutions have gained over the past two years in designing privacy 
notices, as well as the expertise of communications experts and the 
input of consumer organizations and comments from the public. 
Accordingly, the Agencies seek comment on a wide range of issues 
associated with the format, elements, and language used in privacy 
notices that would make the notices more accessible, readable, and 
useful. The Agencies also solicit examples of forms, model clauses, and 
other information, such as applicable research that has been conducted 
in this area, that may provide concrete illustrations or evidence to 
assist the Agencies in considering whether and how to develop various 
proposals.\5\
---------------------------------------------------------------------------

    \5\ As stated above, the Agencies will jointly review all of the 
comments submitted, including those comments submitted to only one 
agency. Commenters may request confidential treatment of any trade 
secrets and commercial or financial information that is privileged 
or confidential information provided to the Agencies in accordance 
with the Freedom of Information Act (5 U.S.C. 552) and the Agencies' 
respective regulations regarding availability of information. 12 CFR 
part 4, subparts B and C (OCC); 12 CFR part 505 (OTS); 12 CFR part 
261, subparts A and B (Board); 12 CFR part 309 (FDIC); 12 CFR 792.29 
(NCUA); 16 CFR 4.10 (FTC); 17 CFR 145.9 (Petition for Confidential 
Treatment) (CFTC); 17 CFR part 200, subpart D (SEC).
---------------------------------------------------------------------------

    Some of the terms and examples used in this Advance Notice of 
Proposed Rulemaking (ANPR) and sample notices are not suitable for 
credit unions, which have an organizational and operational structure 
that is different than other financial institutions. For example, the 
term customer, in the context of credit unions, generally will mean 
member, and while credit unions may form subsidiaries, they do not 
establish corporate affiliations like other financial institutions. 
Nevertheless, because of the predominance of issues that are common to 
all types of financial institutions, the NCUA believes its 
participation is important at this ANPR stage, whether or not it 
ultimately determines to publish a separate, but consistent and 
comparable, rule for credit unions.
    Based on the information collected for this ANPR, including 
information collected through independent research conducted by the 
Agencies, the Agencies will determine whether to propose changes to the 
privacy rule and, if so, will seek further public comment on specific 
proposals. The Agencies expect that consumer testing would be a key 
component in the development of any specific proposals.

II. General Considerations for Improving Privacy Notices

    The Agencies are considering developing a range of alternative 
proposals for public comment to improve the privacy notices that 
financial institutions must provide to consumers under the GLB Act. The 
primary matter the Agencies are now considering is whether to develop a 
model privacy notice that would be short and simple. In order to 
illustrate, generally, this type of short notice and to spur specific 
suggestions for additional ideas that the Agencies should consider, a 
few of the potential alternative approaches are summarized below. These 
alternatives are also intended to help frame a number of important 
questions beyond the design of a short notice, such as whether all 
financial institutions should be required to use the same form of 
notice and whether a short notice could be a substitute for or should 
be a supplement to a longer, more detailed notice. The sample notices 
included in the appendices do not reflect a determination by the 
Agencies that any of these notices would be satisfactory under the 
privacy rule or for any particular financial institution. The Agencies 
note that these alternatives have not been developed as a result of 
specific research or consumer testing and are not being proposed for

[[Page 75167]]

adoption. The Agencies specifically invite suggestions for other 
approaches to improve the readability and usefulness of privacy notices 
as set out in section III.
    As an initial matter, the Agencies request comment on whether to 
pursue the development of a short privacy notice. The Agencies note 
that, should they do so, there are several ways the Agencies could 
exercise their authority for developing a short notice, and the 
Agencies have not settled on any single approach. The Agencies could, 
for example, explore whether an interagency interpretation of the 
privacy rule, perhaps with model forms or language, would promote the 
development of privacy notices that are more understandable and useful 
to consumers. Similarly, the Agencies could develop a set of guidelines 
or best practices that would enable financial institutions to improve 
their privacy notices, or the Agencies could propose amendments to the 
privacy rule. The Agencies request comment on what approaches would be 
most useful to consumers while taking into consideration the burden on 
financial institutions.
    The Agencies have identified the following approaches to simplify 
the privacy notices for consideration by commenters. One approach would 
be for the Agencies to develop a specific format and standardized 
language for a short notice that highlights key elements of an 
institution's privacy policy. For instance, a short notice could 
describe the types of nonpublic personal information an institution 
collects, the institution's policies for sharing that information with 
third parties, and a description of how consumers can opt out of 
information sharing. Like a nutrition label, a standardized notice 
would permit consumers easily to compare these elements of the privacy 
policies of different institutions and to become familiar with the 
standardized format and text. This type of form could include a 
description of how the consumer could obtain a longer, detailed privacy 
notice or be provided in combination with a longer, detailed privacy 
notice. An example illustrating this kind of format and language for a 
short notice appears in Appendix A.
    In a similar approach, the Agencies could develop a short notice 
with a specific format and standardized language that would be designed 
to address all of the relevant elements listed in the GLB Act and the 
privacy rule. Such a notice would permit consumers to compare all 
relevant elements listed under federal law of the privacy policies of 
different institutions. However, since information sharing practices 
may vary, a financial institution may need flexibility in describing 
the categories of affiliated and nonaffiliated parties to whom it 
discloses nonpublic personal information. An example illustrating this 
kind of format and language appears in Appendix B and the categories of 
parties that may be modified by a financial institution appear in 
brackets.
    Another approach to simplifying privacy notices would involve 
establishing a standardized format for privacy notices, but allowing 
financial institutions to provide their own descriptions of their 
privacy policies and practices. This potential approach may simplify 
privacy notices and make them more accessible for consumers, yet would 
permit each financial institution to tailor the language in the notice 
to suit its own privacy policies and practices. An example of a 
standardized format is included in Appendix C. Alternatively, the 
Agencies could prescribe standardized language that a financial 
institution would use to design its own notice without a format 
specified by the privacy rule. Standardized language may facilitate 
comparisons among financial institutions' policies and describe key 
consumer rights so that consumers could become familiar with 
circumstances under which information about them may be disclosed to 
third parties.
    Another approach would be to focus attention on the consumer's 
right to opt out of disclosures available under the institution's 
privacy policies. For example, the opt-out notice could be provided by 
itself, with a statement that the institution's privacy policy is 
available on request. Alternatively, a description of the consumer's 
opt out right and how it could be exercised could be provided on the 
first page of a financial institution's privacy notice. The Agencies 
could prescribe the language, and its placement so as to ensure 
prominence and readability, but not require any further standardization 
of privacy notices. An example of this type of notice is included in 
Appendix D.
    Detailed descriptions of ways to improve privacy notices, such as 
examples of language that may be used, illustrations of formats, and 
references to the particular requirements of the privacy rule that may 
need to be amended, will assist the Agencies in learning about and 
evaluating particular proposals. This ANPR outlines several potential 
approaches. The Agencies invite comment on the advantages and 
disadvantages of these approaches. Also, the Agencies request comment 
on any other approach the Agencies should consider.

III. Request for Comments

    Any change in the privacy rule to provide for short notices raises 
a number of issues. In addition to comment on the various approaches 
discussed above or illustrated in the appendices, the Agencies request 
comment and supporting research and documentation on other matters that 
may be raised by the implementation of a short privacy notice. In 
particular, the Agencies invite comment on the following questions and 
supporting documentation where available:

A. Goals of a Privacy Notice

    1. What should be the goals of a privacy notice? What goals are 
most important?
    2. Should the Agencies pursue the development of a short notice to 
achieve these goals?
    3. Are there any special issues for the Agencies to consider in 
developing a short privacy notice that may arise from potential 
differences between federal and state law requirements?
    4. In what ways should a privacy notice be useful to a consumer? 
Please identify those ways that are the most or least important.

    a. To permit ready comparison among different institutions' privacy 
policies?
    b. To provide sufficient information to make an informed decision 
about whether to opt out?
    c. To highlight the consumer's right to opt out?
    d. To provide convenient mechanisms for the consumer to opt out?
    e. To provide a mechanism for the consumer to opt out in the same 
medium used to provide the privacy notice?
    f. Other ways?

B. Elements of a Privacy Notice

    1. What are the key elements of a privacy policy that a short 
notice should contain?
    2. Are these key elements the same from the perspective of 
institutions and consumers? If not, explain the differences and why.
    3. Is there an optimal number of elements (beyond which would be 
too many) to include in a short notice?
    4. Should a short privacy notice contain, at a minimum, all of the 
relevant elements listed in the GLB Act and the privacy rule? If not, 
should it include a statement advising the consumer that an 
institution's complete privacy policy will be provided upon request?

[[Page 75168]]

    5. Should certain elements, such as a description of a consumer's 
opt-out rights (if applicable), be given prominence or be presented in 
a certain order?
    6. Should statements describing information sharing practices not 
subject to a consumer's right to opt-out, such as whether a financial 
institution discloses information to nonaffiliated financial 
institutions under joint marketing agreements for financial products or 
services, be highlighted in the short notice?

C. Language of a Privacy Notice

    1. Are there particular ``privacy'' terms or words that consumers 
readily understand that should be included in a short notice? Should 
any terms or language currently used in notices be avoided?
    2. Should a financial institution be required to use standardized 
clauses in a short notice?
    3. Rather than using standardized language, should a financial 
institution be permitted to develop its own language in a short notice 
so long as the short notice incorporates specified items of 
information?

D. Format of a Privacy Notice

    1. Should the Agencies develop a standardized graphic design for a 
short notice that financial institutions would use? If so, what graphic 
design would be most suitable for the format of a short notice?
    2. Based on experiences with the current privacy notices or tests 
that have been conducted in this area, what alternative forms of notice 
are likely to be useful to consumers and/or to financial institutions?
    3. Is there a suggested length for a short privacy notice? Is there 
a suggested length for phrases or sentences within a short notice?
    4. Are there suggestions for overall design of the notice, 
including layout, use of color, graphic devices, font(s), and size(s) 
of the text in the notice?
    5. If a financial institution does not disclose information to 
third parties that would be subject to a consumer's right to opt out 
(under either the FCRA or the GLB Act), what form should the privacy 
notice take?
    6. Should an institution be allowed to modify its short privacy 
notice to include elements that may be required under state laws? If 
so, then how can a short notice be designed to include those elements?

E. Mandatory or Permissible Aspects of a Privacy Notice

    1. Should use of a short notice be mandatory for all financial 
institutions?
    2. Should use of standardized language and/or format for a short 
notice be mandatory for all financial institutions? Or should each 
institution be permitted to create its own short notice following 
agency guidelines?
    3. If a short notice is standardized, should only part(s) of the 
notice be mandatory, and, if so, what part(s)? Or should all of a 
standardized short notice be mandatory?
    4. If use of standardized part(s), such as standardized clauses, is 
not required, should the Agencies create a safe harbor from 
administrative enforcement for financial institutions that use the 
standardized parts in their notices (or a whole, standardized notice)?
    5. Should an institution be required or permitted to deliver both a 
short notice and a long notice?
    6. Financial institutions that generally do not share information 
with third parties--such as those that do not have any affiliates and 
do not share information in a manner that is subject to a consumer's 
right to opt out under the FCRA or the GLB Act and do not engage in 
joint marketing agreements--currently may have abbreviated and simple 
notices. If a short notice is mandated, should the Agencies make an 
exception to allow these institutions to continue to use the simple, 
abbreviated notices they currently use? Alternatively, should the 
Agencies prescribe a special short notice for these institutions to 
use?
    7. Some financial institutions offer consumers choices to opt out 
of information-sharing arrangements that are not mandated by either the 
FCRA or the GLB Act, such as the ability to opt out of an institution's 
own marketing or joint marketing arrangements with nonaffiliated 
financial institutions for financial products or services. If a short 
notice is mandated, should the Agencies allow these institutions to 
include in the short notice information about these additional choices 
to opt out?
    8. Should the Agencies allow financial institutions to include 
other information that relates to their privacy policies and practices 
in their short notices? For instance, should a financial institution 
that shares information with affiliates for marketing purposes only if 
a customer opts in to the sharing be permitted to include this 
information in a short notice?

F. Costs and Benefits of a Short Notice

    With respect to consumers or financial institutions, or both:
    1. What are the costs and benefits of providing a short notice and 
how do they compare with the requirements under the current privacy 
rule?
    2. How, if at all, do the costs and benefits of a short notice 
depend on:
    a. Whether the notice is mandatory or permissible?
    b. Whether the format of the notice is standardized? On whether the 
language is standardized?
    c. Whether the use of a short notice requires financial 
institutions to make supplemental privacy information available upon 
request?

G. Additional Information

    1. Are there any models or samples of notices that work 
particularly well with consumers that the Agencies should consider? 
Provide any samples and research or supporting documentation.
    2. Provide the results and supporting research or documentation of 
any consumer testing that has been conducted in this area.
    3. What processes or types of consumer testing should the Agencies 
use to evaluate standardized terms or language, formats for notices, 
and short notices?
    4. If the Agencies adopt an alternative form of notice, should 
consumer education accompany introduction of the new type of notice? If 
so, what type of consumer education would be effective?

IV. Conclusion

    In the event that the Agencies decide to proceed, the Agencies 
expect to do so through proposed rulemaking. In addition to evaluating 
the comments submitted in response to this ANPR, the Agencies 
contemplate that consumer testing would be an important element of the 
development of any alternative type of privacy notice.

    By Order of the Board of Directors.

    Dated at Washington, DC, this 2nd day of December, 2003. Federal 
Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.

    By the National Credit Union Administration Board on December 
18, 2003.
Becky Baker,
Secretary of the Board.


[[Page 75169]]


    Dated: December 22, 2003.
By the Securities and Exchange Commission.
Margaret H. McFarland,
Deputy Secretary.

    Dated: December 8, 2003.
By the Office of Thrift Supervision,
James E. Gilleran,
Director.

    Dated: December 18, 2003.
Jean A. Webb,
Secretary of the Commodity Futures Trading Commission.

    Dated: November 14, 2003.
John D. Hawke, Jr.,
Comptroller of the Currency.

    Dated: December 17, 2003.
By Direction of the Commission.
Donald S. Clark,
Secretary.

    By order of the Board of Governors of the Federal Reserve 
System, December 22, 2003.
Jennifer J. Johnson,
Secretary of the Board.
BILLING CODE 4810-33-P; 6210-01-P; 6714-01-P; 6720-01-P; 7535-01-P; 
6750-01-P; 6351-01-P; 8010-01-P

[[Page 75170]]

[GRAPHIC] [TIFF OMITTED] TP30DE03.000


[[Page 75171]]


[GRAPHIC] [TIFF OMITTED] TP30DE03.001


[[Page 75172]]


[GRAPHIC] [TIFF OMITTED] TP30DE03.002


[[Page 75173]]


[GRAPHIC] [TIFF OMITTED] TP30DE03.003


[[Page 75174]]


[GRAPHIC] [TIFF OMITTED] TP30DE03.004

[FR Doc. 03-31992 Filed 12-29-03; 8:45 am]
BILLING CODE 4810-33-C; 6210-01-C; 6714-01-C; 6720-01-C; 7535-01-C; 
6750-01-C; 6351-01-C; 8010-01-C