Ch. 9 - Financial Privacy Quiz Flashcards
1
Q
What is the central bank of the United States?
A. Treasury
B. Federal Reserve
C. Department of Commerce
D. IRS
A
B. The Federal Reserve
2
Q
Which act regulates financial institutions and their management of nonpublic personal information?
A. Fair Credit Reporting Act (FCRA)
B. Fair and Accurate Credit Transactions Act (FACTA)
C. Gramm-Leach-Bliley Act (GLBA)
D. Dodd-Frank Wall Street Reform and Consumer Protection Act
A
C. Gramm-Leach-Bliley Act (GLBA)
3
Q
True or false?
The Fair Credit Reporting Act (FCRA) amended the Fair and Accurate Credit Transactions Act (FACTA).
A
False
4
Q
What does CRA stand for?
A. Credit Reform Act
B. Consumer reporting agency
C. Cooperate retail authorities
D. Confirmed right of access
A
B. Consumer reporting agency
5
Q
Under the GLBA Privacy Rule, what must a privacy notice include? Select all that apply.
A. What is collected
B. With whom information is being shared
C. How information will be safeguarded
D. How consumers can opt out
A
A. What is collected B. With whom information is being shared
C. How information will be safeguarded
D. How consumers can opt out
6
Q
Which act regulates financial institutions and their management of nonpublic personal information?
A. Fair Credit Reporting Act (FCRA)
B. Fair and Accurate Credit Transactions Act (FACTA)
C. Gramm-Leach-Bliley Act (GLBA)
D. Dodd-Frank Wall Street Reform and Consumer Protection Act
A
C. Gramm-Leach-Bliley Act (GLBA)
7
Q
Under the U.S. National Do Not Call (DNC) Registry, how often must telemarketers update their call lists?
A. Annually
B. Every 31 days
C. Every two months
D. Semi-annually
A
B. Every 31 days
8
Q
True or False
The Fair Credit Reporting Act (FCRA) amended the Fair and Accurate Credit Transactions Act (FACTA).
A
False
9
Q
What does CRA stand for?
A. Credit Reform Act
B. Consumer reporting agency
C. Cooperate retail authorities
D. Confirmed right of access
A
B. Consumer reporting agency
10
Q
True or False
The FACTA Disposal Rule requires any entity that uses a consumer report for a business purpose to dispose of it in a way that prevents unauthorized access and misuse of the data.
A
True
11
Q
What are some major components of financial privacy? Select all that apply.
A. Confidentiality
B. Laws and regulations
C. Security
D. Anonymity
A
A. Confidentiality
B. Laws and regulations
C. Security
12
Q
Which authority was created by the Dodd-Frank Wall Street Reform and Consumer Protection Act?
A. Bureau of the Fiscal Service (Fiscal Service)
B. Consumer Financial Protection Bureau (CFPB)
C. Bureau of Consular Affairs (CA)
D. Federal Financing Bank (FFB)
A
B. Consumer Financial Protection Bureau (CFPB)
13
Q
Which of the following was the first national privacy law to be enacted?
A. Fair Credit Reporting Act
B. Fair Information Practice Principles
C. PHIPA (Personal Health Information Protection Act)
D. EU Data Protection Directive
A
A. Fair Credit Reporting Act
14
Q
Identity theft provisions were added to the Fair Credit Reporting Act (FCRA) in:
A. 1990
B. 1996
C. 2000
D. 2003
A
D. 2003
15
Q
The US FCRA (Fair Credit Reporting Act) covers:
A. persons that compile consumer reports
B. persons who use consumer reports
C. consumers who have data collected
D. both a and b only
A
D. both a and b only
16
Q
Consumer reports include information that pertains to:
A. public information only.
B. an individual’s financial information only.
C. seven specific factors about an individual.
D. financial information and employment history.
A
C. seven specific factors about an individual.
17
Q
Which of the following is FALSE, according to the FCRA (Fair Credit Reporting Act)?
A. Consumer reports can only be used for permissible purposes.
B. It is prohibited to use third party data.
C. Consumers must have access to their reports and correct/dispute any errors.
D. Compilers and users of consumer reports must comply with other requirements on users and furnishers of consumer information.
A
B. It is prohibited to use third party data.
18
Q
All of the following bodies enforce the US Fair Credit Reporting Act (FCRA) EXCEPT:
A. FTC (Federal Trade Commission)
B. state attorneys general
C. FCC (Federal Communications Commission)
D. individuals
A
C. FCC (Federal Communications Commission)
19
Q
The US Federal financial privacy law is the:
A. Gramm-Leach-Bliley Act
B. Fair Credit Reporting Act
C. Fair and Accurate Credit Transactions Act
D. California SB 1368
A
A. Gramm-Leach-Bliley Act
20
Q
The GLBA (Gramm-Leach-Bliley Act) covers:
A. US-based financial institutions
B. financial data processors
C. educational institutions for financial professionals
D. any entity that significantly engages in financial activities
A
D. any entity that significantly engages in financial activities
21
Q
Which of the following is regulated by the GLBA (Gramm-Leach-Bliley Act)?
A. information that a consumer provides to a financial institution
B. non-public personal financial information
C. information from a transaction between a financial institution and a consumer
D. information that a financial institution has regarding a consumer
A
B. non-public personal financial information
22
Q
The GLBA (Gramm-Leach-Bliley Act) requires all of the following, EXCEPT:
A. financial institutions are prohibited from sharing information with other companies or service providers.
B. financial institutions must give consumers an opportunity to opt-out of sharing data.
C. financial institutions must provide consumer customers with notices about privacy and security.
D. financial institutions may share data with other financial institutions.
A
A. financial institutions are prohibited from sharing information with other companies or service providers.
23
Q
According to the GLBA (Gramm-Leach-Bliley Act), financial institutions may share consumer information with all of the following entities, without an opt-out process, EXCEPT:
A. affiliated companies
B. non-affiliated companies
C. other financial institutions
D. joint marketing partners
A
B. non-affiliated companies
24
Q
Together, the FTC (Federal Trade Commission) and federal financial regulators published which of the following to support the GLBA (Gramm-Leach-Bliley Act)?
A. Privacy Rule
B. Safeguards Rule
C. Security Rule
D. both a and b
A
D. both a and b
25
According to the GLBA (Gramm-Leach Bliley Act) Safeguards Rule, all of the following types of security are required except:
A. technical security
B. physical security
C. access security
D. administrative security
C. access security
26
According to the GLBA (Gramm-Leach-Bliley Act) Safeguards Rule, which of the following is NOT included under technical security requirements?
A. computer system security
B. encryption
C. risk assessments
D. access control
C. risk assessments
27
All of the following parties are able to enforce the GLBA (Gramm-Leach-Bliley Act) EXCEPT:
A. state attorneys general
B. individuals
C. FTC
D. financial institution regulators
B. individuals
28
All of the following parties are able to enforce the California SB 1, EXCEPT:
A. individuals
B. California state banking regulators
C. FTC
D. California attorney general
C. FTC
29
The Gramm- Leach-Bliley Act is also known as:
A. the Financial Services Modernization Act
B. The Children's Privacy Protection Act
C. The Privacy Act
D. The Glass- Steagall Act
A. the Financial Services Modernization Act
30
Who must comply with the Safeguards rule of the Gramm-Leach-Bliley Act?
A. all Financial Institutions
B. the U.S. Government
C. consumer reporting agencies
D. any entities that handle financial information
A. all Financial Institutions
C. consumer reporting agencies
D. any entities that handle financial information
31
Title V of the Gramm-Leach-Bliley Act deals with:
A. Creating information security plans
B. Disclosure of financial information to affilIated and non-affiliated third parties
C. How GLBA affects the Fair Credit Repirting Act
D. The required contents of a compliant privacy notice
B. Disclosure of financial information to affiloated and non-affiliated third parties
32
What is a customer as defined under the Gramm Leach Biley Act?
A. any individual that makes use of a financial institution's services
B. any individual with whom the financial institution has done business with in the past,
c. any individual with a long-standing relationship with a financial institution
D. any individual with a history on file with a credit reporting agency.
c. any individual with a long-standing relationship with a financial institution
33
What information is protected under the Privacy Rule of the Gramm-Leach-Bliley Act?
A. all information collected from the customer
B. all personally identifiable information
C. all information not part of the public record
D. all financial information
C. all information not part of the public record
34
Which of the following is true about the Gramm-Leach-Bliley Act?
A. Customers must receive a copy of the financial institution's privacy notice annually
B. An employee must be designated to ensure enforcement of the Safeguards Rule
C. An employee must be designated to ensure enforcement of the Security Rule
D. Financial account numbers may not be shared with nonaffiliated third parties.
A. Customers must receive a copy of the financial institution's privacy notice annually
B. An employee must be designated to ensure enforcement of the Safeguards Rule
D. Financial account numbers may not be shared with nonaffiliated third parties
35
Examples of safeguards to be used pursuant to the Safeguards Rule of the Gramm- Leach-Bliley Act include:
A. remote access
B. employee training
C .encryption
D. disaster recovery plans
B. employee training
C .encryption
D. disaster recovery plans
36
Which of the following statements regarding the FCRA (Fair Credit Reporting Act) is NOT true?
A. The FCRA applies whenever criminal records are accessed to make a decision about employment.
B. Usage of third-party data for employment screening is prohibited under the FCRA.
C. Use of search engines to screen prospective employees is prohibited.
D. Employers require the employees written consent to use consumer reports for decision making purposes (e.g. qualification for a promotion).
B. Usage of third-party data for employment screening is prohibited under the FCRA.
37
As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?
A) GLBA
B) PCI
C) SOX
D) FIRPA
A) GLBA
Explanation:
The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms.
38
The Gramm- Leach-Bliley Act (GLBA) is also known as:
A. the Financial Services Modernization Act
B. The Children's Privacy Protection Act
C. The Privacy Act
D. The Glass- Steagall Act
A. the Financial Services Modernization Act
39
Who must comply with the Safeguards rule of the Gramm-Leach-Bliley Act? (Select all that apply)
A. all Financial Institutions
B. the U.S. Government
C. consumer reporting agencies
D. any entities that handle financial information
A. all Financial Institutions
C. consumer reporting agencies
D. any entities that handle financial information
40
Title V of the Gramm-Leach-Bliley Act deals with:
A. Creating information security plans
B. Disclosure of financial information to affilIated and non-affiliated third parties
C. How GLBA affects the Fair Credit Repirting Act
D. The required contents of a compliant privacy notice
B. Disclosure of financial information to affiloated and non-affiliated third parties
41
What information is protected under the Privacy Rule of the Gramm-Leach-Bliley Act?
A. all information collected from the customer
B. all personally identifiable information
C. all information not part of the public record
D. all financial information
C. all information not part of the public record
42
Which of the following is true about the Gramm-Leach-Bliley Act?
A. Customers must receive a copy of the financial institution's privacy notice annually
B. An employee must be designated to ensure enforcement of the Safeguards Rule
C. An employee must be designated to ensure enforcement of the Security Rule
D. Financial account numbers may not be shared with nonaffiliated third parties.
A. Customers must receive a copy of the financial institution's privacy notice annually
B. An employee must be designated to ensure enforcement of the Safeguards Rule
D. Financial account numbers may not be shared with nonaffiliated third parties
43
Examples of safeguards to be used pursuant to the Safeguards Rule of the Gramm- Leach-Bliley Act include:
A. remote access
B. employee training
C .encryption
D. disaster recovery plans
B. employee training
C .encryption
D. disaster recovery plans
44
What is a customer as defined under the Gramm Leach Biley Act?
A. any individual that makes use of a financial institution's services
B. any individual with whom the financial institution has done business with in the past,
C. any individual with a long-standing relationship with a financial institution
D. any individual with a history on file with a credit reporting agency.
C. any individual with a long-standing relationship with a financial institution
45
True or false?
Under the GDPR, both controllers and processors have record-keeping obligations.
True
46
What does the Fair Credit Reporting Act regulate, regarding consumer information?
A. information collection
B. information disclosure
C. information use
D. information creation
A. information collection
B. information disclosure
C. information use
The Fair Credit Reporting Act (FCRA) is a federal law that helps to ensure the accuracy, fairness and privacy of the information in consumer credit bureau files. The law regulates the way credit reporting agencies can collect, access, use and share the data they collect in your consumer reports.?
47
Under the Fair Credit Reporting Act, how many free credit reports may U.S. citizens request per year?
A. 1
B. 5
C. 6
D. 12
A. 1
The federal Fair Credit Reporting Act (FCRA) (15 U.S.C. § 1681 and following) regulates "consumer reporting agencies" and "consumer reports."
You have certain rights under the FCRA, including the right to access your credit file, the right to correct any inaccuracies in your credit reports, the right to seek damages against those who violate the law
The FCRA requires consumer reporting agencies to adopt reasonable procedures for gathering, maintaining, and distributing information.
Regulations under the FCRA, effective as of July 1, 2010, require anyone furnishing information to consumer reporting agencies, including original creditors and debt collectors, to have reasonable policies and procedures for ensuring the accuracy and integrity of the information they report.
The FCRA also regulates who can access credit reports. A credit reporting agency can provide information about you only to people with a valid reason. The FCRA specifies those with a valid need for access, like creditors, potential creditors, insurers, employers, landlords, and certain other businesses, such as utility companies.
Under the FCRA, you have the right to dispute both the accuracy and the completeness of items in your file, not just inaccurate information. The distinction between accuracy and completeness can be important. For example, your credit report might state accurately that a creditor sued you. But this information might be incomplete because you later paid the debt, or were not actually liable for it. You can dispute the information about the lawsuit because it is incomplete. Inaccurate, incomplete, or unverifiable information usually has to be removed or corrected within 30 or 45 days.
In most cases, a consumer reporting agency may not report negative information that is more than seven years old or bankruptcies that are more than ten years old.
You have the right to get all the information about you contained in the files that a consumer reporting agency prepared, called a "file disclosure." Sometimes the file disclosure is free; other times, you might have to pay a fee. You can get one free credit report every 12 months upon request from each nationwide credit reporting agency.
You can also get a free file disclosure in certain situations, like if:
someone takes an adverse action against you, like denying you credit, because of information in your credit report (you must ask for your report within 60 days after you receive notice about the adverse action)
you're a victim of identity theft, and you've put a fraud alert in your file
your file has inaccurate information because of fraud
you're on public assistance, or
you're unemployed, but you plan to apply for employment within 60 days.
If someone uses your credit report or another type of consumer report to take some other adverse action against you—like denying your application for credit, insurance, or employment—they must let you know. They also have to give you the name, address, and telephone number of the agency that provided the information.
Employers Must Get Your Consent Before Getting Your Credit File
A consumer reporting agency generally can't give your file to your employer, or a potential employer, without your written consent.
You May Seek Damages From FCRA Violators
The FCRA lets you sue a credit reporting agency (or other person or entity that violates the law) for negligent or willful noncompliance with the law within two years after you discover the harmful behavior or within five years after the harmful behavior occurs, whichever is sooner.
Identity Theft Victims and Active-Duty Military Personnel Have Certain Rights
The FCRA provides certain rights for victims of identity theft and military personnel. For example, identity theft victims may ask businesses for a copy of transaction records (like credit applications) relating to the theft. Military personnel may place an active duty alert on their credit reports.
48
Under the Fair Credit Reporting Act, delinquent information may remain on a consumer's credit report for how many years?
A. 1
B. 5
C. 7
D. 12
C. 7
49
What does the Fair and Accurate Credit Transactions Act of 2003 amend?
A. First Amendment
B. HIPAA
C. Fair Credit Reporting Act
D. Telephone Consumer Protection Act
C. Fair Credit Reporting Act
The Fair and Accurate Credit Transactions Act of 2003 (“FACT ACT” or “FACTA”) was Congress' second major amendment and expansion of the FCRA.
50
What is a primary concern of the Fair and Accurate Credit Transactions Act of 2003?
A. telecommunications fraud
B. medical records privacy
C. identity fraud
D. patient privacy
C. identity fraud
The Fair and Accurate Credit Transactions Act of 2003 (“FACTA”) added to the FCRA significant provisions designed to prevent identity theft, control the consequences of identity theft to victims' credit records, and help victims cleanse their credit records of identity-theft related information.
51
The Financial Services Modernization Act repealed some aspects of what Act?
A. Health Insurance Portability and Accountability Act
B. Fair Credit Reporting Act
C. Glass-Steagall Act
D. Junk Fax Prevention Act
C. Glass-Steagall Act
The Financial Services Modernization Act of 1999, otherwise known as the Gramm-Leach-Bliley Act (“GLBA”), repealed banking regulations from the 1930s – the Glass-Steagall (1933) and the Bank Holding Company Act (1956). Those laws prevented the merger of commercial banks, stock brokerage companies, and insurance companies. GLBA also introduced the Financial Privacy Rule and the Safeguards Rule, which required financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data, respectively. In enacting GLBA, Congress aimed to “modernize” the financial services industry. By annulling Glass-Steagall and Bank Holding Company Act protections, GLBA encouraged consolidation in the financial services industry. Financial services companies created financial holding companies, which were now overseen by the Federal Reserve.[1] Experts continue to debate the lasting effects of this act. Critics often argue that GLBA contributed to the financial crisis of 2008 by deregulating the banking sector and removing restrictions on commercial bank securities activities. GLBA supporters contend that not passing GLBA, or later repealing it, would not have prevented the financial crisis, which resulted from bad investments by large, poorly capitalized financial institutions.[2]
52
According to the Gramm-Leach-Bliley Act, financial institutions must give customers a privacy notice that:
A. details what information the institution will collect about the customer
B. details how information collected about the customer will be shared with outside parties
C. details how the institution will protect the information it collects about the customer
D. offers a free copy of the customer's credit report
A. details what information the institution will collect about the customer
B. details how information collected about the customer will be shared with outside parties
C. details how the institution will protect the information it collects about the customer
Financial institutions covered by the Gramm-Leach-Bliley Act must tell their customers about their information-sharing practices and explain to customers their right to "opt out" if they don't want their information shared with certain third parties.
The Gramm-Leach-Bliley Act (GLBA) includes provisions designed to address concerns over how consumer data would be collected, used, and shared among financial institutions. The GLBA’s privacy provisions mandate privacy notices and place limitations on the sharing of nonpublic personal information (NPI), defined as “personally identifiable financial information (i) provided by a consumer to a financial institution, (ii) resulting from a transaction or any service performed for the consumer, or (iii) otherwise obtained by the financial institution.”1 The financial institutions subject to the GLBA encompass any entities that are significantly engaged in financial activities, including banks, insurance providers, securities firms, mortgage lenders, and others.2 The GLBA’s privacy protections generally apply to consumers, i.e., individuals who obtain financial products or services from a financial institution primarily for personal, family, or household purposes, while some requirements apply to customers, i.e., consumers with whom the organization has an ongoing relationship.3
The GLBA privacy rules, as enforced by the various regulators, generally require:Clear and conspicuous notice of the financial institution’s information-sharing policies and practices, including what information it collects and with whom it shares the information. Covered institutions may use a model privacy form published by regulators as a safe harbor. The privacy notice must be provided when a customer relationship is established, and annually thereafter unless the financial institution does not engage in any sharing for which customers have the opportunity to opt out and there have been no changes in policy or practice since the previous privacy notice.4
Providing customers the right to opt out of having their nonpublic personal information shared with nonaffiliated third parties, subject to a number of significant exceptions, including for joint marketing, processing consumer transactions, and service providers. Financial institutions must process opt-outs within 30 days.5
Refraining from disclosing account numbers or similar forms of access codes to any nonaffiliated third parties for marketing purposes, with certain narrow exceptions, such as for joint marketing arrangements.6
The following is a list of disclosures regarding nonpublic personal information that institutions must provide in their privacy notices, as applicable:
1. categories of information collected;
2. categories of information disclosed;
3. categories of affiliates and nonaffiliated third parties to whom the institution may disclose information;
4. policies and practices with respect to the treatment of former customers’ information;
5. categories of information disclosed to nonaffiliated third parties that perform services for the institution or functions on the institution’s behalf and categories of third parties with whom the institution has contracted (Section 13);
6. an explanation of the opt out right and methods for opting out;
7. any opt out notices that the institution must provide under the FCRA with respect to affiliate information sharing;
8. policies and practices for protecting the security and confidentiality of information; and
9. a statement that the institution makes disclosures to other nonaffiliated third parties for everyday business purposes or as permitted by law (Sections 14 and 15).
53
Under the GLBA, when must a financial institution give a potential customer the required privacy notice?
A. before a business arrangement is agreed upon
B. after a business arrangement is agreed upon
C. within 2 weeks of business agreement
D. quarterly
B. after a business arrangement is agreed upon
Consumers who are not customers are entitled to an initial privacy notice before the financial institution shares nonpublic personal information with a nonaffiliated third party under the
A financial institution must provide an initial notice of its privacy policies and practices to each customer, not later than the time a customer relationship is established.
54
The financial institution privacy notice required under the GLBA must include an opportunity for the potential customer to:
A. haggle on prices
B. opt out
C. waive all civil rights
D. run
B. opt out
55
Which are provisions of the Fair Credit Reporting Act (FCRA)?
Select all that apply.
A. Consumers have the ability to access and correct their information
B. Consumers may request annual updates and alerts
C. Use of consumer reports is limited to “permissible purposes”
D. Use of consumer reports is limited to three instances per six months
A. Consumers have the ability to access and correct their information
C. Use of consumer reports is limited to “permissible purposes
56
Under the Right to Financial Privacy Act (RFPA), which of the following may allow a government authority access to customer financial records?
Select all that apply.
A. Appropriate formal written request from an authorized government authority
B. Appropriate administrative subpoena or summons
C. Qualified search warrant
D. Legitimate interest of an authorized government authority
E. Customer authorization
F. Appropriate judicial subpoena
A. Appropriate formal written request from an authorized government authority
B. Appropriate administrative subpoena or summons
C. Qualified search warrant
E. Customer authorization
F. Appropriate judicial subpoena
57
Which authority was created by the Dodd-Frank Wall Street Reform and Consumer Protection Act?
A. Bureau of the Fiscal Service (Fiscal Service)
B. Consumer Financial Protection Bureau (CFPB)
C. Bureau of Consular Affairs (CA)
D. Federal Financing Bank (FFB)
B. Consumer Financial Protection Bureau (CFPB)
58
Which of the following has a specific data retention and disposal requirement?
A. Fair and Accurate Credit Transactions Act
B. Any pre-emptive law
C. The Children's Online Privacy Protection Act
D. The Cable Communications Policy Act
A. Fair and Accurate Credit Transactions Act
59
What was the main concern with posting personal information used in bankruptcy cases online?
A. Stalking
B. Family Feuds
C. Identity theft
D. Data breaches
C. Identity theft
60
Which of the following is required by the Fair and Accurate Credit Transactions Act (FACTS) and enhances privacy?
A. Receipts are legally stored for a period of 7 years
B. Credit card numbers are only allowed to be stored w/o the accompanying signature
C. Receipts are not allowed to reveal a full credit card # or debit card #
D. Receipts are only allowed to be issued digitally in specific situations
C. Receipts are not allowed to reveal a full credit card # or debit card #.
One of the requirements is that a credit card # cannot be shown fully on a receipt. This prevents risking identity theft if the receipt falls in the wrong hands.
61
Which of the following is not true regarding the Red Flag Rule?
A. Originally required through Fair and Accurate Credit Transactions Act
B. Authorized the FTC and federal banking agencies
C. Certain financial entities are required to develop an identity theft detection program
D. Requires insurance against Identity Theft
D. Requires insurance against Identity Theft.
Red Flag Rule
• Required agencies that regulate financial entities to develop a set of rules to mandate the detection, prevention & mitigation of identity theft
• Eliminates entities that extend credit only “for expenses incidental to a service”
• Authorizes regulations that apply the rule to businesses whose account should be “subject to a reasonably foreseeable risk of identity theft"
62
What is not true about the DO NOT Call registry?
A. Sellers & telemarketers are required to update their call lists annually
B. Only sellers, telemarketers & service providers may access the registry
C. Violations can lead to civil penalties
D. The DO NOT Call Registry is implemented by the FTC
A. Sellers are required to update their call lists annually - the call lists are required to be required every 31 days
63
Which of the following preempts state law in most areas
A. The Fair and Accurate Credit Transactions Act
B. The Fair Credit Reporting Act
C. The Gramm-Leah Bliley Act
D. The Financial Turmoil Reconciliation Assurance Act
A. The Fair and Accurate Credit Transactions Act
The Fair and Accurate Credit Transactions Act (FACTA) of 2003
• Stricter state laws are preempted in most areas although states retain some powers are preempted in most areas, although states retain some powers to enact laws addressing identity theft
• Required truncation of credit and debit card numbers, so that receipts do not reveal the full credit or debit card number
64
The Fair Credit Reporting Act affects organizations life Equifax, Experian and Transunion. What are these organizations classified as?
Consumer Reporting Agencies
65
Which of the following is required by the Fair and Accurate Credit Transactions Act and enhances privacy?
A. Receipts are legally stored for a period of 7 years
B. Credit card numbers are only allowed to be stored w/o the accompanying signature
C. Receipts are not allowed to reveal a full credit card # or debit card #
D. Receipts are only allowed to be issued digitally in specific situations
C. Receipts are not allowed to reveal a full credit card # or debit card #. One of the requirements is that a credit card # cannot be shown fully on a receipt. This prevents risking identity theft if the receipt falls in the wrong hands.
66
Which of the following is not true regarding the Red Flag Rule?
A. Originally required through Fair and Accurate Credit Transactions Act
B. Authorized the FTC and federal banking agencies
C. Certain financial entities are required to develop an identity theft detection program
D. Requires insurance against Identity Theft
D. Requires insurance against Identity Theft.
Red Flag Rule
• Required agencies that regulate financial entities to develop a set of rules to mandate the detection, prevention & mitigation of identity theft
• Eliminates entities that extend credit only “for expenses incidental to a service”
• Authorizes regulations that apply the rule to businesses whose account should be “subject to a reasonably foreseeable risk of identity theft”
67
Under the GLBA Privacy Rule, what must a privacy notice include? Select all that apply.
A. What is collected
B. With whom information is being shared
C. How information will be safeguarded
D. How consumers can opt out
A. What is collected
B. With whom information is being shared
C. How information will be safeguarded
D. How consumers can opt out
68
What are some major components of financial privacy? Select all that apply.
A. Confidentiality
B. Laws and regulations
C. Security
D. Anonymity
A. Confidentiality
B. Laws and regulations
C. Security
69
The Gramm-Leach Biley Act (GLBA) is also known under what name?
A. the EU Data Protection Directive
B. the CAN-SPAM Act of 2003
C. the Financial Services Modernization Act of 1999.
D. the Children's Online Privacy Protection Act
C. the Financial Services Modernization Act of 1999.
70
Which of the following changes were made under the Gramm-Leach Biley Act?
A. Requires financial companies to adequately secure information
B. Requires financial companies to provide consumers with privacy statements
C. Requires financial companies to offer consumers the ability to opt out of receiving non-affiliated third party offers.
D. Requires financial companies to notify consumers every time their personal data is accessed.
A. Requires financial companies to adequately secure information
B. Requires financial companies to provide consumers with privacy statements
C. Requires financial companies to offer consumers the ability to opt out of receiving non-affiliated third party offers.
71
Which of the following has a specific data retention and disposal requirement?
A. Fair and Accurate Credit Transactions Act
B. Any pre-emptive law
C. The Children's Online Privacy Protection Act
D. The Cable Communications Policy Act
A. Fair and Accurate Credit Transactions Act
72
Which of the following is TRUE about privacy notices?
A. Only certain US laws require a privacy notice
B. Privacy notices are required for all websites in the US or targeted at a US audience
C. Changing a privacy notice mid-service is not deceptive
D. The CLOUD Act
A. Only certain US laws require a privacy notices.
| C is false and B is true depending on the type of website
73
What was the main concern with posting personal information used in bankruptcy cases online?
A. Stalking
B. Family Feuds
C. Identity theft
D. Data breaches
C. Identity theft
74
Under the FCRA, prescreening is a form of:
a. Non-consumer-initiated transaction
b. Remote transaction
c. Consumer initiated transaction
d. None of the above
a. Non-consumer-initiated transaction
75
Under FCRA, a CRA is:
a. Any organization that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties
b. Any person who evaluates personal information for the purpose of furnishing consumer credit
c. Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee
d. None of the above
c. Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee
76
Records that may be compiled by CRAs include:
a. Criminal records
b. Driving histories
c. Background histories for preemployment screening
d. All of the above
d. All of the above
77
Which of the following is not a requirement for users of consumer reports under the FCRA?
a. Third-party data for substantive decision-making must be appropriate, accurate, current, and complete
b. Consumer reports may be used only for credit purposes
c. Consumers must receive notice when third-party data is used to make adverse decisions about them
d. All of the above
b. Consumer reports may be used only for credit purposes
78
A consumer report is any communication used as a factor in establishing a consumer’s eligibility for credit, insurance, employment, or other business purpose, and produced by a CRA concerning a person’s:
a. Creditworthiness, credit standing, or credit capacity
b. Character or general reputation
c. Personal characteristics or mode of living
d. All of the above
d. All of the above
79
Which of the following is not a requirement for users of consumer reports under the FCRA?
a. Consumer reports may be used only for permissible purposes
b. Consumers must have access to their consumer reports and an opportunity to dispute them or correct any errors
c. Notice to a consumer when third-party data is used to make adverse decisions about them is optional
d. All of the above
c. Notice to a consumer when third-party data is used to make adverse decisions about them is optional
80
In most cases, outdated negative information under FCRA, is:
a. 7 years or older for most information, and 10 years or older for bankruptcies
b. 7 years or older for bankruptcies, and 5 years or older for other information
c. 5 years or older for bankruptcies, and 7 years or older for other information
d. None of the above
a. 7 years or older for most information, and 10 years or older for bankruptcies
81
Which of the following is not a requirement for users of consumer reports under FCRA?
a. Provide consumer reports only to entities that have a permissible purpose under the FCRA
b. Provide consumer assistance as outlined in DOJ rules
c. Maintain records regarding entities that received consumer reports
d. All of the above
b. Provide consumer assistance as outlined in DOJ rules
82
Which of the following is a requirement for users of consumer reports under FCRA?
a. Provide consumers with access to the information contained in their consumer reports
b. Take reasonable steps to ensure accuracy and completeness of information in the consumer report
c. Refrain from reporting negative information that is outdated
d. All of the above
d. All of the above
83
Enforcement of the FCRA occurs through which of the following?
a. Credit resolution, criminal litigation, and government actions
b. Credit resolution, individual litigation, and government actions
c. Dispute resolution, private litigation, and government actions
d. None of the above
c. Dispute resolution, private litigation, and government actions
84
Which of the following is required to notify the FTC prior to filing suit?
a. CFPB
b. State Attorneys General
c. Individuals
d. All of the above
b. State Attorneys General
85
Which of the following is a certification a user must provide prior to obtaining a consumer report from a CRA?
a. The user has a permissible purpose for which the report is being obtained
b. The report will be destroyed within 10 days of the request
c. The report will not be used for any other purpose
d. Only a and c
d. Only a and c
86
Adverse action notices must include all but which of the following?
a. Name, address, and phone number of the CRA (toll-free if nationwide)
b. Statement the CRA did not make the adverse action and is unable to provide an explanation
c. Statement regarding the consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if requested within 30 days
d. All of the above are required in an adverse action notice
c. Statement regarding the consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if requested within 30 days
87
Adverse action notices must include all but which of the following?
a. Statement the CRA did not make the adverse action but may provide limited details about the reason for the action
b. Statement of consumer’s right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA
c. Statement regarding the consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if requested within 60 days
d. All of the above are required in an adverse action notice
a. Statement the CRA did not make the adverse action but may provide limited details about the reason for the action
88
Which of the following applies to adverse actions taken based on information of the type covered by FCRA, obtained from third parties that are not consumer reporting agencies?
a. Clear and accurate disclosure of the consumer’s right to be informed of the nature of the information that was relied upon, if the consumer requests it within 30 days
b. Clear and accurate disclosure of the consumer’s right to be informed of the nature of the information that was relied upon, if the consumer requests it within 60 days
c. Clear and accurate disclosure of the consumer’s right to be informed of the nature of the information that was relied upon, if the consumer requests it within 10 days
d. None of the above
b. Clear and accurate disclosure of the consumer’s right to be informed of the nature of the information that was relied upon, if the consumer requests it within 60 days
89
Which of the following is a power retained by the states under FACTA (which generally preempts state laws)?
a. Credit scores and state insurance laws in California and Colorado
b. Frequency of free credit reports in Colorado, Georgia, Maine, Maryland, Massachusetts, New Jersey and Vermont
c. Some powers to enact laws address identity theft throughout the states
d. All of the above
d. All of the above
90
How many days does a user of consumer reports have to respond to a consumer request for the information that was relied upon from an affiliate in taking adverse action?
a. 30 days from the date of the request
b. 10 days from the date of the request
c. 30 days from the date the letter was stamped
d. None of the above
a. 30 days from the date of the request
91
How many days does a user of consumer reports have to respond to a consumer request for the information that was relied upon from a non-CRA third party in taking adverse action?
a. 30 days from the date of the request
b. 10 days from the date of the request
c. Within a reasonable time period
d. None of the above
c. Within a reasonable time period
92
Which of the following is a condition that exempts employee investigative reports from being treated as consumer reports?
a. The employer or its agent complies with the procedures set forth in the FCRA
b. No credit information is used
c. A summary describing the nature and scope of the inquiry is provide to the employee if an adverse action is taken based on the results of the report
d. All of the above
d. All of the above
93
Prior to taking adverse action, an employer must:
a. Ask the consumer if they would like to receive a copy of the consumer report on which the employer relied
b. Provide a copy of the consumer report to the consumer, along with a summary of the consumer’s rights received from the CRA
c. Offer to send the consumer a copy of the summary of consumer’s rights received from the CRA
d. None of the above
b. Provide a copy of the consumer report to the consumer, along with a summary of the consumer’s rights received from the CRA
94
Which of the following is a disclosure requirement when a user of consumer reports obtains an investigative consumer report?
a. Must inform the consumer an investigative consumer report may be obtained
b. Must be in writing and mailed or otherwise delivered to the consumer some time before but not later than 3 days after the date on which the report was first requested
c. Nature and scope of investigation must be made in a written statement mailed or delivered to the consumer no later than 5 days after the date on which the request was received from the consumer or the report was first requested, whichever was later
d. All of the above
d. All of the above
95
Under FCRA, which of the following is required by users of consumer reports when using credit scores in making loans secured by residential real property?
a. Must provide credit scores to applicants
b. Must provide information about how to determine their credit score
c. Must provide credit scores and other information about credit scores to applicants
d. None of the above
c. Must provide credit scores and other information about credit scores to applicants
96
Under FCRA, which of the following must be provided if a consumer report is used by an organization in connection with an application for credit or a grant, extension or provision of credit to a consumer on terms less favorable than most favorable terms available to a substantial proportion of consumers?
a. Risk-based pricing notice
b. Risk-based credit report
c. Link to nationwide CRAs for obtaining their credit score
d. None of the above
a. Risk-based pricing notice
97
Which of the following is not included in the required written disclosures for using prescreened lists?
a. Information contained in a consumer report was used in connection with the offer
b. Consumer received the offer because they satisfied the criteria used to screen the offer
c. Consumer may not prohibit the use of their information in their credit file for future prescreened offers
d. Credit or insurance may not be extended if, after the consumer responds, it is determined the consumer does not meet any applicable criteria or collateral requirements
c. Consumer may not prohibit the use of their information in their credit file for future prescreened offers
98
What must an organization do before using a prescreened list from a consumer reporting agency?
a. Before the offer is made, establish criteria to be relied on to make the offer and grant credit or insurance
b. Maintain established criteria on file for three years beginning on the date on which the offer is made to the consumer
c. Include the required disclosures in a clear and conspicuous statement included with each written solicitation
d. All of the above
d. All of the above
99
Which of the following currently has rule-making and enforcement authority over all of FCRA and FACTA?
a. CFPB
b. FRS
c. FTC
d. None of the above
a. CFPB
100
The definition of a financial institution under FCRA includes all bank, savings and loan associations, credit unions, and:
a. All commercial investment companies
b. All other entities that hold a transaction account belonging to a consumer
c. All other entities that perform legal or health services
d. None of the above
b. All other entities that hold a transaction account belonging to a consumer
101
In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act granted rule making authority under FCRA to the CFPB, with the exception of which of the following?
a. Section 615(e) red flag guidelines and regulation
b. Section 628 disposal of records
c. Section 5 UDAP
d. Only a and b
d. Only a and b
102
Under FCRA, which of the following is not included in the definition of a financial institution?
a. Savings and loan association
b. Mortgage lender
c. Medical clinic that allows customers to pay off bills in monthly installments
d. All of the above are not considered financial institutions under FCRA
c. Medical clinic that allows customers to pay off bills in monthly installments
103
Under FCRA, which of the following is not included in the definition of a financial institution?
a. Entities that extend credit only for expenses incidental to service
b. Banks and credit unions
c. Savings and loan associations
d. Mortgage lenders
a. Entities that extend credit only for expenses incidental to service
104
The Red Flags Rule applies to businesses that:
a. Obtain or use consumer reports in connection with a credit transaction
b. Furnish information to CRAs in connection with a credit transaction
c. Advance funds to or on behalf of an individual, except for expenses incidental to a service provided by the creditor to that person
d. All of the above
d. All of the above
105
Example of red flags for ID Theft include all but which of the following?
a. Alerts, warnings, or notifications from a CRA
b. Normal use of a covered account
c. Suspicious identification documents
d. Suspicious personal identifying data
b. Normal use of a covered account
106
Which of the following was the primary focus of the 1999 U.S. Bankcorp/MemberWorks case?
a. Consumer access to personal data
b. Increase in identity theft
c. Data-sharing relationships between banks and third-party marketers, and consumer choice
d. All of the above
c. Data-sharing relationships between banks and third-party marketers, and consumer choice
107
Under GLBA, financial institutions are required to:
a. Store personal financial information in a secure manner
b. Provide notice of their policies regarding the sharing of personal financial information
c. Provide consumers with the choice to opt out of sharing personal information under certain conditions
d. All of the above
d. All of the above
108
Which of the following best describes a financial institution defined by GLBA?
a. A business that holds consumer transaction accounts
b. A business significantly engaged in financial activities
c. A business significantly engaged in lending activities
d. Only a and b
b. A business significantly engaged in financial activities
109
Under GLBA, nonpublic personal information may include personally identifiable information:
a. Provided by a consumer to a financial institution
b. Resulting from a transaction or service performed for the consumer
c. Otherwise obtained by the financial institution
d. All of the above
d. All of the above
110
Under GLBA, which of the following is excluded from the definition of nonpublic personal information?
a. Information a customer provided to a bank
b. Information resulting from a customer’s transaction
c. Publicly available information
d. All of the above
c. Publicly available information
111
Under GLBA, which of the following is excluded from the definition of nonpublic personal information?
a. Information from a consumer list that is derived without using personally identifiable information
b. Information resulting from a customer’s transaction
c. Information obtained by a financial institution
d. All of the above
a. Information from a consumer list that is derived without using personally identifiable information
112
Under the GLBA Safeguards Rule, administrative, technical and physical safeguards implemented by an organization should be reasonably designed to:
a. Ensure the security and confidentiality of customer information
b. Protect against anticipated threats or hazards to the security or integrity of the information
c. Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to the consumer
d. All of the above
d. All of the above
113
Which of the following is not a security program element required by the Safeguards Rule?
a. Designated employee for writing procedures
b. Risk identification and assessment
c. Implementation and periodic monitoring of a safeguard program
d. Third party providers that implement safeguards
a. Designated employee for writing procedures
114
Under the California Financial Privacy Act (SB-1):
a. Written opt-in consent is required for a financial institution to share personal information with nonaffiliated third parties
b. Opt-in provisions must be presented on a form titled “Important Privacy Choices for Consumers”
c. Consumers are granted the ability to opt out of information sharing between their financial institutions and affiliates not in the same line of business
d. All of the above
d. All of the above
115
Under the California Financial Privacy Act (SB-1), a financial institution does not need to obtain consumer consent to share information with:
a. Nonaffiliated third-parties
b. Affiliated parties in different lines of business
c. Affiliated parties in the same line of business
d. Nonaffiliated parties for joint marketing
c. Affiliated parties in the same line of business
116
Which of the following is not included in the enforcement authority given to the CFPB?
a. Conduct investigations
b. Sentence offenders for criminal actions
c. Issue subpoenas and hold hearings
d. Commence civil actions against offenders
b. Sentence offenders for criminal actions
117
Under the Bank Secrecy Act of 1970, financial institutions are required to collect which of the following for purchases of bank checks, drafts, cashier’s checks, money orders or traveler’s checks of $3,000 or more in currency?
a. Name and address, tax ID number
b. Date of purchase, dollar amount
c. Type of instrument, serial numbers
d. All of the above
d. All of the above
118
Which of the following wire transfers are exempt from BSA reporting requirements?
a. Funds transfers governed by the EFTA
b. Funds transfers made via Western Union
c. Funds transfers made through ACH, ATM , or a POS system
d. Only a and c
d. Only a and c
