Questions concerning the issuing and documenting of the initial privacy notice, what is the best practice to be compliant. Should we keep a copy in the loan file, with the new account documents, etc.? Also, should we have them signed to document when and how the customer received the privacy notice? Our bank does not share information, so we do not have the opt-out section on the privacy notice.
As you know, there is not a specific requirement on how you should document compliance with the disclosure of the notice. You need to ensure that you processes and procedure adhere to the requirements and that staff are actually complying with your procedures/notice is actually being provided. In addition to your procedures, I would prefer to see documentation in the file that the notice was provided – this could be through a checklist supporting your procedures or it could be a copy of the notice along with copies of other disclosures that were provided (my preferred method). A signature is not required and I don’t believe it is necessary.