Financial Privacy Flashcards
What is the FCRA?
The Fair Credit and Reporting Act. It mandates that accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.
Who does the FCRA regulate?
Any consumer reporting agency (CRA) that furnishes a consumer report.
Who is a CRA?
Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to 3rd parties for a fee.
What is a consumer report?
Any communication by a CRA related to an individual that pertains to the person's: - Creditworthiness - Credit Standing - Credit Capacity - Character - General Reputation - Personal characteristics - Mode of living and that is used as a factor in establishing a consumer's eligibility for credit, insurance, employment or other business purpose.
What are the 4 main requirements under the FCRA that users of consumer reports must meet?
- Third party data for substantive decision making must be appropriately accurate, current and complete
- Consumers must receive notice when third-party data is used to make adverse decisions about them
- Consumer reports may be used only for permissible purposes
- Consumers must have access to their consumer reports and an opportunity to dispute them or correct any errors.
What obligations are CRAs required to provide notice of to users of consumer reports?
- Users must have a permissible purpose.
- Users must provide certifications.
- Users must notify consumers when adverse actions are taken.
Gramm-Leach-Bliley Act of 1999
GLBA, AKA Title V of the Financial Services Modernization Act
- any org that significantly engaged in US financial activities
- Must have a program for customer PII, that includes: storage, notice, and opt-out.
FTC managed.
GLBA Opt-Out Policy
Opt out only- you can choose not to have info shared to nonaffiliated 3rd parties, but no choice on data processors.
GLBA Privacy Rule
You must provide a privacy notice at relationship establishment and annually thereafter. You have the right to opt out of sharing to 3rd parties. If the policy changes, you must provide notice again.
GLBA Safeguards Rule
A formal infosec program must be in writing and in place.
Financial Institution Reform, Recovery, and Enforcement Act of 1989
FIRREA. If you violate GLBA, you face penalties under this. Admin’ed by CFPB (formerly FTC)
Bank Secrecy Act of 1970
BSA, AKA Currency and Foreign Transactions Reporting Act
- Transactions over 10k must be reported to the IRS- name, address, SSN, amounts, currency
Suspicious Activity Reports (SARs)
- any insider crime of any amount
- $5k+ and can ID suspect
- $25k+ and can’t ID suspect
- $5k+ if potential money laundering
US Treasury and FinCEN
Right to Financial Privacy Act of 1978
RFPA- covers financial institutions, and says the Fed gov’t can’t access records of customers unless “reasonably described” and one of the following:
- Customer consents
- subpoena / warrant / summons
- written formal request from gov’t authority
Treasury enforces.
Dodd-Frank Wall Street Reform Act of 2010
Title X created CFPB. Added “abusive acts and practices” to “unfair and deceptive” language.
CFPB now manages what acts?
FCRA GLBA Fair Debt Collections Act FIRREA ECOA
