Financial Privacy

Question 1

Fair credit reporting act USERS

Answer 1

lenders, insurers, employers etc

Question 2

Fair Credit reporting act furnishers

Answer 2

lenders, retailers, etc

Question 3

Consumer Reporting Agencies (CRAs)

Answer 3

CRAs compile or evaluate personal information to furnish consumer reports to third parties for a fee

Question 4

A consumer report is:

Answer 4

any communication by a CRA related to an individual that is used to establish
eligibility for credit, insurance, employment, etc.

Question 5

Fair credit reporting act provides the following privacy rights in consumer reports

Answer 5

Accurate and relevant data collection
• Consumer access and correction
• Limits use to “permissible purposes”
• Maintain records
• Provide consumer assistance defined by FTC

Question 6

How is the fair credit reporting act enforced?

Answer 6

FTC, CFPB, state attorneys general

Dispute resolution; private right of action

Question 7

Fair and accurate credit transactions act requires:

Answer 7

Truncation of credit and debit card numbers

Consumer right to an explanation of their credit scores

Consumer right to a free annual credit report from each of the three national credit agencies

Question 8

True/False Fair and accurate transactions act preempts most stricter state laws

Answer 8

True

Question 9

Two rules to Fair and accurate credit transaction act

Answer 9

Disposal Rule and Red Flag Rule

Question 10

FACTA Disposal Rule

Answer 10

any individual or entity that uses a consumer report, or information derived from a consumer report, for a business purpose to dispose of that consumer information in a way that prevents unauthorized access and misuse of the data

Question 11

Violations to Fair and accurate credit transaction act

Answer 11

Civil liability as well as state and federal actions

Question 12

Fair and accurate credit transaction act red flag rule

Answer 12

Requires certain financial entities to develop and implement written identity theft detection programs that can
identify and respond to “red flags” that signal identity theft

Question 13

Fair and accurate credit transaction act red flag rule only applies to:

Answer 13

Financial institutions and creditors. Does not apply to credits who extend credit only expenses incidental to a service”

Question 14

true/false: FCRA preempts stricter state laws for employment credit history checks

Answer 14

False. FCRA does not preempt stricter state laws for employment
credit history checks

Question 15

State credit employment laws that have stricter laws than FCRA

Answer 15

California, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington

Question 16

GLBA requires financial institutions to:

Answer 16

Securely store personal financial information (*Safeguards Rule)

Give notice of data sharing policies (*Privacy Rule)

Give consumers the right to opt-out of some sharing (*Privacy Rule)

Question 17

Personal information in scope of GLBA

Answer 17

Financial institution management of “non public personal information”

PII, provided to a financial institution by a consumer, resulting from a transaction or service, otherwise obtained from the financial institution

Question 18

PII excluded from GLBA

Answer 18

Publicly available information and any consumer list that is derived without using personally identifiable financial information

Question 19

Enforcement agencies of GLBA

Answer 19

Financial institutional reform, recovery and enforcement act (FIRREA) and Consumer Financial Protection Bureau (CFPB)

Question 20

What bureau enforces the privacy and safeguards rule of GLBA?

Answer 20

Consumer Financial Protection Bureau (CFPB)

Question 21

GLBA Privacy Rule

Answer 21

Financial institutions must provide initial and annual privacy notices AND process opt-outs within 30 days

Question 22

FAST act

Answer 22

Establishes an exception to the annual privacy notice requirements: A financial institution that meets certain criteria is not required to provide an annual privacy notice to customers

Question 23

Under GLBA consumers cannot opt-out of :

Answer 23

• Information is shared with outside companies that provide essential services (e.g., data processing)
• The disclosure is legally required
• Information is shared with outside service providers that market the financial company’s products or services

Question 24

Under GLBA before sharing personal information to third parties, companies must:

Answer 24

disclose information-sharing practices to customers and providing them with the FCRA standard opportunity to opt out

Question 25

GLBA privacy notice requirements:

Answer 25

Provide customers with clear and conspicuous notice of information sharing policies and practices

Provide customers with the right to opt-out

Refrain from disclosing account number or access codes to nonaffiliated third-party marketers

Comply with regulatory standards designed to protect consumer information

What is collected
With whom information is shared
How information will be safeguarded
How consumer can opt out

Question 26

GLBA Safeguards rule

Answer 26

It requires financial institutions to develop and implement a comprehensive “information security program.”

Question 27

Under GLBA Safeguards Rule there must be these 3 security features

Answer 27

Administrative security, technical security, physical security

Question 28

GLBA Safeguards rule requirements

Answer 28

• Designate an employee to coordinate the safeguards
• Design and implement a safeguard program, and monitor and test it regularly
• Identify and assess the risks and evaluate the effectiveness of the safeguards
• Select and provide oversight of appropriate service providers
• Evaluate and adjust the program as needed

Question 29

California Financial Information Privacy Act (SB-1)

Answer 29

Increases the disclosure requirements of financial institutions and grants consumers increased rights with regard to information sharing

Question 30

California Financial Information Privacy Act (SB-1) Opt-In requirements

Answer 30

opt-in consent is required for a financial institution to share personal information with nonaffiliated third parties

Opt-in provisions must be presented on a form titled “Important Privacy Choices for Consumers” and be written in simple English

Question 31

California Financial information privacy act (SB-1) opt-out requirements

Answer 31

grants consumers the ability to opt out of information sharing between their financial institutions and affiliates not in the same line of business

Question 32

Which bureau did the dodd-frank act create?

Answer 32

Consumer Financial Protection Bureau (CFPB)

Question 33

CFPB has the authority to do what with which laws

Answer 33

Consumer financial protection bureau has rule-making authority for financial privacy and other issues with GLBA and FCRA

Question 34

Agencies that can enforce unfair and deceptive practices for financial privacy laws?

Answer 34

FTC, consumer financial protection bureau and state AGs

Question 35

What is a SAR?

Answer 35

Suspicious activity report - Must be filed with Department of Treasury’s Financial Crimes Enforcement Network when an entity suspects an insider involved in a crime, regardless of amount and other large transaction amounts

Question 36

International money laundering abatement and anti-terrorist financing act of 2001

Answer 36

Expanded reach of BSA and part of the US patriot act.