(1) Licensees must comply with GLBA, as amended, and Regulation P. Unless subject to an exception under GLBA, as amended, licensees must at a minimum:
(a) Provide customers with initial and annual notices regarding their privacy policies. These notices describe whether and how the licensee shares consumers' nonpublic personal information, including personally identifiable financial information, with other entities; and
(b) If licensees share certain customer information with particular types of third parties, the institutions are also required to provide notice to their customers and an opportunity to opt out of the sharing. If a licensee limits its types of sharing to those which do not trigger opt-out rights, it may provide a "simplified" annual privacy notice to its customers that does not include opt-out information. If a licensee's compliant privacy policy has not changed, additional notices may not be required.
(2) See GLBA, as amended, and Regulation P at 12 C.F.R. Part 1016 for the required details.
[Statutory Authority: Chapter
43.320 RCW, RCW
31.04.165. WSR 16-08-026, § 208-620-572, filed 3/30/16, effective 4/30/16.]