8. Financial Privacy Flashcards
What are the Regulations related to FCRA?
FCRA regulates consumer reporting agencies (CRAs).
• CRAs compile or evaluate personal information to furnish consumer reports to third parties for a fee.
• A “consumer report” is any communication by a CRA, related to an individual, which is used to establish that individual’s eligibility for credit, insurance, employment, etc.
• An “investigative consumer report” gives information about a person’s character, reputation, mode of living, etc., and is obtained through personal interviews.
• FCRA limits the use of medical information obtained from a CRA. If it is used for employment purposes, written consent is required, and the medical information must be relevant.
What are the Provisions related to FCRA?
FCRA mandates accurate and relevant data collection and provides privacy rights in consumer reports.
• Consumers have the ability to access and correct their information
• Limits use of consumer reports to “permissible purposes”
What are the Enforcements related to FCRA?
The FTC, the Consumer Financial Protection Bureau (or CFPB), and state attorneys general enforce the FCRA through:
• Dispute resolution
• Private right of action
• Government actions
What are the key concepts of FACTA?
- Truncation of credit and debit card numbers
- Affording consumers the right to an explanation of their credit scores
- Right to a free annual credit report
- Requiring regulators to implement the Disposal Rule and the Red Flags Rule
What is the disposal rule under FACTA?
Applies to: Individuals or entities that use consumer reports for business purposes; e.g., consumer reporting agencies, lenders, employers, insurers, landlords, car dealers, attorneys, debt collectors, government agencies
Requirement: Dispose of consumer information in a way that prevents unauthorized access and misuse of the data
Violations: Civil liability as well as federal and state enforcement actions
What is the Red Flags Rule under FACTA?
Requires certain financial entities to develop and implement written identity theft detection programs that can identify and respond to “red flags” that signal identity theft.
Applies to: Financial institutions, such as banks, savings and loan associations, credit unions and creditors
Requirements: Develop a set of rules to mandate the detection, prevention and mitigation of identity theft
What are the three key concepts of the GLBA Privacy Rule?
- Privacy Notice: initial and annual
- Information Sharing: opt-out and 30-day processing
- Compliance
What are the three levels of security under the GLBA Safeguards Rule?
- Administrative security: Program definition, management of workforce risks, employee training, vendor oversight
- Technical security: Computer systems, networks and applications, access controls and encryption
- Physical security: Facilities, environmental safeguards, business continuity, disaster recovery
What are the three program design items under the GLBA Safeguards Rule?
- Ensure the security and confidentiality of customer information
- Protect against any anticipated threats or hazards to information
- Protect against unauthorized access to or use of information that could result in substantial harm or inconvenience to customers
What are the four program implementation items under the GLBA Safeguards Rule?
- Designate an employee to coordinate safeguards
- Identify and assess risks and evaluate the effectiveness of the safeguards
- Design, implement and monitor a safeguard program
- Select and provide oversight of appropriate service providers