Research and Statistics

Rule makes privacy statements more meaningful


Banks can skip mailing their privacy statements as long as they don’t share your information in ways that are restricted by law

The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

You should be getting fewer privacy notices — but more actual privacy — under a new rule finalized Monday by the U.S. Consumer Financial Protection Bureau.

The regulation lets financial companies stop sending you their privacy policies by mail under one important condition: that they do not share your financial details in ways that trigger your right to opt out.

Under the Gramm-Leach-Bliley Act, financial companies, including credit card issuers, must allow customers to opt out of certain types of information sharing. You can say “no” to sharing your nonpublic personal information with outside companies for marketing purposes, for example. You can also limit the use of certain information by the company’s own affiliates.

In California and Vermont things work slightly differently: companies may share customers’ information only if customers opt in.

Some information sharing, however, such as reporting your payment status to credit bureaus, is a condition of having the account, and no opt-out is available in any state.

One privacy advocate applauded the move toward fewer mailings.

“It would serve as an inducement for banks to provide a greater level of privacy to their customers, just to save the cost of mailing those notices,” said Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse.

About one in four banks shares information covered by the opt-out requirement, according to an industry estimate that was cited by the CFPB.

Until the rule change, financial institutions had to inform their customers, via a disclosure notice mailed annually, what kind of sharing they do. The new rule lets financial companies avoid mailing the annual notices and just post their policies online — if they restrict the use of their customers’ information to the point where there is nothing they could opt out of. Policies must be available on the Internet to customers and noncustomers alike, the rule says. The company must tell customers about the existence of the online material and alert them to changes via monthly statements or other regular communications.

When privacy statements do arrive by mail, they will be more meaningful. Receiving a paper copy means your financial details are probably being used in ways you could limit.

Financial counselors recommend exercising your opt-out rights to reduce the sharing of the information — and not just to cut down on unwanted marketing pitches. Shared data may include sensitive details that can be used for fraud or identity theft if they fall into the wrong hands. Breaches and misuse of information by data brokers have heightened concerns about data sharing.

Under the new rule, financial companies must also use a model disclosure form designed by regulators in order to skip the mailings and post the privacy notice online. The model form is displayed as a chart with question-and-answer format.

“Posting privacy notices online will make it easier for consumers to access these important policies, while also making it cheaper for financial institutions to provide disclosures,” CFPB Director Richard Cordray said in an announcement.

See related:Privacy disclosure statements let you opt out of info sharing,

What’s up next?

In Research and Statistics

Cardholder annual privacy statements: You have limited opt-out options

Cardholders are limited in preventing card issuers from sharing their personal information, but federal law lets you opt out of some info sharing (and annoying marketing)

Published: October 21, 2014

See more stories
Credit Card Rate Report Updated: April 19th, 2019
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.