Q. I am a small financial institution with no affiliates. I do not disclose information about my customers or consumers to anyone, except as permitted by an exception under §§ 216.14 and 216.15 of the Privacy Rule.2 Does the Privacy Rule apply to a small operation like mine?
A. Yes. You have responsibilities under the Privacy Rule regardless of your size, affiliate relationships, or information collection and disclosure practices. The Privacy Rule is focused not only on regulating the disclosure of financial information about customers and consumers, but also on requiring each financial institution to provide initial and annual notices of its policies to its customers. You may, however, provide notice in a simplified form, as illustrated by the notice described in § 216.6(c)(5).
This can be found in FAQ A.2. of the Regulation P FAQs. The FAQs can be found at http://www.federalreserve.gov/regulations/cg/faq.pdf