Annual privacy notices no longer needed for certain agencies
A number of agencies may no longer need to send their privacy notices on an annual basis. Effective immediately, the Delaware Department of Insurance (DOI) issued Bulletin No. 97 to align Delaware with a change that was made to the federal Gramm Leach Bliley Act (GLBA) in late 2015.
The GLBA originally drove the adoption of countrywide regulations requiring all financial institutions (including insurance agencies) to notify their consumers and customers of their privacy practices:
- when first contact is made or the customer relationship is established and
- annually thereafter
Bulletin No. 97 now allows agencies to discontinue the annual notice as long as the agency:
- only shares nonpublic personal information within the limited exceptions allowed by the regulation (for service providers and joint marketing, for processing and servicing transactions, and for “other” limited circumstances) and
- has not changed its privacy policies and practices since the last notice provided by the agency
Bottom line: If your agency does not share information with nonaffiliated third parties other than as permitted or required by law, you should be able to stop sending the annual privacy notice until your practices and/or your notice change. Again, this only applies to the notice that must be sent annually; the initial privacy notice must still be provided.
The change will be formalized through an amended regulation, but the issuance of a bulletin allows the industry to take advantage of the change immediately. If you’d like a refresher on your duties under the privacy regulation, including access to various samples, our privacy resources have been updated to reflect the change.
Access our resources on privacy (start with “Where are you on the path to compliance?”)