
Consumer Privacy Policy Manual

As advances in technology continue to be made, concern for consumer privacy and protection grows. The Gramm-Leach-Bliley Act, Regulation P - Privacy of Consumer Financial Information, and the Dodd-Frank Act are just two of various means established to protect consumer privacy. It is essential for the topic of consumer privacy to be addressed by every business.


Do you need to establish your Consumer Privacy Policy? Don't know where to start? We do, with AllRegs Consumer Privacy Policy Manual.

This policy manual is ready for personalization with your company's name, with sections on Regulation P, Consumer Privacy Disclosure Requirements, and Safeguarding Confidential Information. Complete with sample forms, document destruction details, firewall procedures, data center security requirements, and more, this manual has everything you need to put your Consumer Privacy Policy in place.

The following agencies, federal offices, and/or entities require implementation of this manual:

  • Consumer Financial Protection Bureau
  • Fannie Mae
  • Freddie Mac
  • Federal Trade Commission
  • OCC
  • HUD


The policy features the following benefits:

  • Supports strong operational practices and preparedness
  • Explains roles and responsibilities
  • Meets regulatory or internal compliance requirements
  • Includes Example Forms, including variations on the Consumer Opt-Out Forms

Optional Services

Maintenance: Receive regular and ongoing industry updates to keep your policy within regulatory requirements.

Publishing: Publish your manual, including your company procedures, in AllRegs Online to complete your policy manual solution.

Contact your account manager for information regarding these optional services!

Policy Manual
Consumer Privacy
| Section | Title | Priority | Action |
|---|---|---|---|
| 1.1 | Goals and Objectives | Mandatory Review | Include the point of view or culture of your organization in this section, if applicable. |
| 1.2 | Required Review | Mandatory Review | Be sure this accurately reflects your company’s annual policy review process. |
| 2.1 | Internal Controls | Mandatory Review | Include or reference related procedures in this section. |
| 3 | Staff and Training | Mandatory Review | Include the means by which your organization provides and tracks required training. |
| 4.1 | State Compliance | Recommended Best Practice | Determine if your organization is subject to more restrictive requirements as imposed by the states in which you do business. |
| 4.8.1 | Electronic Delivery of Privacy and Opt-Out Notices | Mandatory Review | If your organization does not deliver notices electronically, you should consider noting that or remove the section. |
| 4.9.4 | Exceptions for Annual Notice | Recommended Best Practice | Consider if your organization may make use of the exception as permitted by CFPB. |
| 6.2 | Fannie Mae Requirements | Recommended Best Practice | If you do not sell to Fannie Mae, you may wish to remove these Fannie Mae requirements for safeguarding consumer information. |
| 6.2.1 | Obligations for a Data Breach Incident | Recommended Best Practice | Procedures for managing data breaches must be in place for Fannie Mae Seller/Servicers. You may remove this section if you do not sell to Fannie Mae. |
| 9 | Administrative Access Control | Optional Enhancement | This section references responsibilities of the compliance officer and the chief security officer. If you use different job titles, you should update these references. |
| 12 | Document Destruction | Optional Enhancement | There is a reference to your security officer. If you use a different job title, you should update this reference. |
| 13 | Model Forms | Optional Enhancement | Consider replacing these sample forms with the forms currently in use by your organization. |