February 23, 2020

February 21, 2020

Subscribe to Latest Legal News and Analysis

February 20, 2020

Subscribe to Latest Legal News and Analysis

CFTC Allows Certain Dealers and Merchants to Avoid Annual Privacy Notice

Beginning May 28, 2019 certain dealers and merchants will be able to avoid sending out an annual privacy notice, under a revision the Commodity Futures Trading Commission has made to its GLB privacy regulations. Under GLB, financial institutions must send customers annual privacy notices. The law applies to futures commission merchants, commodities trading advisors, commodity pool operators, and introducing brokers through regulations enforced by the CFTC. The CFTC, unlike other regulators that enforce GLB, had not prior to this amendment permitted regulated entities to avoid an annual notice. Other regulators had done so, pursuant to a 2015 amendment to GLB, in certain proscribed circumstances.

Now, as with other regulators, the CFTC will allow covered entities to avoid sending an annual notice provided that the covered entities share nonpublic personal information only in limited circumstances and have not changed their privacy practices since the last-sent privacy notice. The circumstances in which a covered entity can share nonpublic personal information and still avoid sending an annual notice include sharing with a third party to perform services for the covered entity, to perform a transaction that a consumer authorizes, or with the consumer’s consent.

Putting it Into Practice: Entities regulated by the CFTC will now enjoy the same exception to the annual notice requirement as other financial services firms. Companies who are thinking about whether or not the exception applies should examine their sharing practices, as well as understand whether any practices have changed since the last-sent notice.


Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...