Financial Privacy Flashcards
Fair credit reporting act USERS
lenders, insurers, employers etc
Fair Credit reporting act furnishers
lenders, retailers, etc
Consumer Reporting Agencies (CRAs)
CRAs compile or evaluate personal information to furnish consumer reports to third parties for a fee
A consumer report is:
any communication by a CRA related to an individual that is used to establish
eligibility for credit, insurance, employment, etc.
Fair credit reporting act provides the following privacy rights in consumer reports
Accurate and relevant data collection • Consumer access and correction • Limits use to “permissible purposes” • Maintain records • Provide consumer assistance defined by FTC
How is the fair credit reporting act enforced?
FTC, CFPB, state attorneys general
Dispute resolution; private right of action
Fair and accurate credit transactions act requires:
Truncation of credit and debit card numbers
Consumer right to an explanation of their credit scores
Consumer right to a free annual credit report from each of the three national credit agencies
True/False Fair and accurate transactions act preempts most stricter state laws
True
Two rules to Fair and accurate credit transaction act
Disposal Rule and Red Flag Rule
FACTA Disposal Rule
any individual or entity that uses a consumer report, or information derived from a consumer report, for a business purpose to dispose of that consumer information in a way that prevents unauthorized access and misuse of the data
Violations to Fair and accurate credit transaction act
Civil liability as well as state and federal actions
Fair and accurate credit transaction act red flag rule
Requires certain financial entities to develop and implement written identity theft detection programs that can
identify and respond to “red flags” that signal identity theft
Fair and accurate credit transaction act red flag rule only applies to:
Financial institutions and creditors. Does not apply to credits who extend credit only expenses incidental to a service”
true/false: FCRA preempts stricter state laws for employment credit history checks
False. FCRA does not preempt stricter state laws for employment
credit history checks
State credit employment laws that have stricter laws than FCRA
California, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington
GLBA requires financial institutions to:
Securely store personal financial information (*Safeguards Rule)
Give notice of data sharing policies (*Privacy Rule)
Give consumers the right to opt-out of some sharing (*Privacy Rule)
Personal information in scope of GLBA
Financial institution management of “non public personal information”
PII, provided to a financial institution by a consumer, resulting from a transaction or service, otherwise obtained from the financial institution
PII excluded from GLBA
Publicly available information and any consumer list that is derived without using personally identifiable financial information
Enforcement agencies of GLBA
Financial institutional reform, recovery and enforcement act (FIRREA) and Consumer Financial Protection Bureau (CFPB)
What bureau enforces the privacy and safeguards rule of GLBA?
Consumer Financial Protection Bureau (CFPB)
GLBA Privacy Rule
Financial institutions must provide initial and annual privacy notices AND process opt-outs within 30 days
FAST act
Establishes an exception to the annual privacy notice requirements: A financial institution that meets certain criteria is not required to provide an annual privacy notice to customers
Under GLBA consumers cannot opt-out of :
- Information is shared with outside companies that provide essential services (e.g., data processing)
- The disclosure is legally required
- Information is shared with outside service providers that market the financial company’s products or services
Under GLBA before sharing personal information to third parties, companies must:
disclose information-sharing practices to customers and providing them with the FCRA standard opportunity to opt out
