Can this be the same thing or should we have two seperate documents?

The Privacy Disclosure is designed to tell customers what information you collect on them, how you use it and whether or not they can opt-out of sharing.

The Privacy Policy (at least ours) is more directed towards protecting the customer information as it's being used within the bank (i.e., GLBA).

Are you talking about the policy disclosure document that you must provide to customers when they open an account and then annually? At my bank, we look upon that document as a notice/disclosure of our privacy policy.

Our Board has approved a general customer information privacy policy and the policy is implemented by a customer information privacy program that is administered by a privacy officer. The program leverages off other programs in place, for example, information security, security incident response, customer complaints, etc.