The language of the provision is as follows:
SEC. 75001. EXCEPTION TO ANNUAL PRIVACY NOTICE REQUIREMENT UNDER THE GRAMM-LEACH-BLILEY ACT.
Section 503 of the Gramm-Leach-Bliley Act (15 U.S.C. 6803) is amended by adding at the end the following:
(f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.—A financial institution that—
(1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and
(2) has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section, shall not be required to provide an annual disclosure under this section until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2).
As you may recall, 15 U.S.C. § 6802(b)(2) generally allows financial institutions to provide nonpublic personal information to nonaffiliated third parties to perform services for or functions on behalf of the financial institution, including marketing of certain products or services, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.
In addition, 15 U.S.C. § 6802(e) generally allows a number of exceptions to the GLBA’s prohibition on the disclosure of nonpublic personal information.
Thus, if a financial institution meets the exceptions under 15 U.S.C. § 6802(b)(2) or § 6802(e), and has not changed its privacy policies and practices since the time of its most recent disclosure to consumers, a financial institution need not provide the annual privacy notices under the GLBA.
Section 75001 of the FAST Act was signed into law on Dec. 4, 2015, and became effective immediately.