Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': 'CFPB has primary enforcement authority over GLBA annual privacy notice requirements for bank holding companies and their subsidiaries under 12 CFR Part 1016.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}

What is the severity of this clause?

ConductAtlas classifies this Annual Privacy Notice Delivery Obligation clause as low severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Annual Privacy Notice Delivery Obligation — Bank of America

Share 𝕏 Share in Share 🔒 PDF

What it is

Federal law requires Bank of America to send you this privacy notice annually and to tell you about your rights to limit certain types of data sharing.

Consumer impact (what this means for users)

You should receive this privacy notice at least once a year; if you stop receiving it or notice material changes, this may indicate a compliance gap or a change in data practices worth investigating.

Cross-platform context

See how other platforms handle Annual Privacy Notice Delivery Obligation and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The annual notice requirement ensures consumers are regularly informed of their data rights, but the notice's complexity means many consumers may not understand or act on the opt-out rights available to them.

View original clause language

This privacy notice is provided by Bank of America, N.A., and its U.S. affiliated companies. Federal law gives you the right to limit only some of this sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GLBA 15 U.S.C. §6803 and implementing regulations (12 CFR Part 1016.5–1016.9) require annual delivery of privacy notices to all consumers with whom the institution has a continuing customer relationship. The FAST Act of 2015 (15 U.S.C. §6803(e)) created an exception to annual notice delivery if (1) no changes have been made to the notice and (2) the institution shares personal information only under GLBA exceptions not requiring opt-out. Enforcement is by CFPB, OCC, and other prudential regulators.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

CFPB

CFPB has primary enforcement authority over GLBA annual privacy notice requirements for bank holding companies and their subsidiaries under 12 CFR Part 1016.
File a complaint →

Provision details

Document information

Document

Bank of America Privacy Notice

Entity

Bank of America

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003321

Document ID

CA-D-00054

Evidence Provenance

Source URL

https://www.bankofamerica.com/privacy/consumer-privacy-notice.go

Wayback Machine

View archived versions →

SHA-256

1d4e65e734a0b2e8cc01b0312c42f36950c5e1ea1c03ab56dfa173a8ebefa627

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Bank of America | Document: Bank of America Privacy Notice | Record: CA-P-003321
Captured: 2026-04-27 11:40:46 UTC | SHA-256: 1d4e65e734a0b2e8…
URL: https://conductatlas.com/platform/bank-of-america/bank-of-america-privacy-notice/annual-privacy-notice-delivery-obligation/
Accessed: May 2, 2026

Classification

Severity

Low

Annual Privacy Notice Delivery Obligation