Financial Privacy Flashcards
FCRA
Fair Credit Reporting Act of 1970
Created to regulate the consumer reporting industry and provide privacy rights in consumer reports
Imposes obligations on users of consumer reports and furnishers, those who furnish credit history to the CRAs.
What is a CRA?
Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee.
CRA reports are used as a factor in establishing a consumer's eligibility for credit, insurance, employment, or other business purpose
Examples: Experian, TransUnion, Equifax
What 4 requirements must users of consumer reports meet under the FCRA?
- Third-party data for substantive decision making must be appropriately accurate, current and complete
- provides consumers with the ability to access their consumer reports and dispute them or correct information
- Consumers must receive notice when 3rd party data is used to make adverse decisions about them
- limits the use of consumer reports to defined permissible purposes
Record keeping
Providing certifications to the CRAs
Securely disposing of the consumer report data
Enforcement and noncompliance with the FCRA
At the federal level the FTC and CFPB share responsibility to enforce the FCRA
Enforcement is available through
- dispute resolution
- private litigation
- Private right of action
- government actions - can be brought by the FTC, the CFPB and state attorneys general
Noncompliance can lead to civil and criminal penalties
What notice requirements / obligations are all users of consumer reports required to provide under the FCRA?
- Users must have a permissible purpose to obtain a consumer report
- Users must provide certifications of the permissible purpose and that the report won’t be used for anything else
- Users must notify consumers when adverse actions are taken
Disclosures under the FCRA
People who use credit scores for arranging loans must provide credit scores and other information about credit scores to applicants
Risk-based pricing rule
Employers must provide an adverse action notice if credit information obtained is used to deny employment
FACTA
The Fair and Accurate Credit Transactions Act
This act made amendments to the FCRA
- gave consumers right to explanation of their credit score
- gave consumers the right to a free annual credit report from the 3 consumer credit agencies
- truncation of credit and debit card numbers so receipts don’t reveal full numbers
- identity theft protections and required regulators to promote a disposal rule and a red flags rule
FACTA disposal rule
Requires any individual or entity that uses a consumer report for a business purpose to dispose of that consumer information in a way that prevents unauthorized access or misuse of that data.
Enforcement of this rule is by the FTC, federal banking regulators and the CFPB
FACTA red flags rule
Requires agencies that regulate financial entities to develop a set of rules to mandate the detection, prevention, and mitigation of identity theft
Gramm-Leach-Bliley Act
Also known as Title V of the Financial Services Modernization Act of 1999
Applies to financial institutions which are any US companies that are significantly engaged in financial activities
Regulates financial institutions management of nonpublic personal data
The FTC and CFPB have enforcement authority at the federal level and state attorneys general at the state level; stricter state laws are not preempted under GLBA
GLBA privacy rule
- financial institutions must prepare and provide to customers notice of the financial institution's information-sharing policies and practices (at the time the relationship is established and annually after that)
- provide customers the right to opt out of having their nonpublic personal information shared with nonaffiliated 3rd parties (except joint marketers and affiliated companies)
- refrain from disclosing to any nonaffiliated third-party marketer an account number or similar form of access code to a consumer's credit card
- comply with regulatory standards established to protect the security and confidentiality of customer records and information
GLBA safeguards rule
Requires financial institutions to develop an information security program
- designate an employee to coordinate the safeguards
- identify and assess risks to customer information
- implement a safeguard program and regularly monitor and test it
- select appropriate service providers and enter agreements with them to implement safeguards
- evaluate and adjust the program in light of relevant circumstances
CFPB
Consumer Financial Protection Bureau
Oversees the relationship between consumers and providers of financial products and services
Holds authority to examine, write regulations and bring enforcement actions concerning businesses that provide financial products or services
Has the ability to conduct investigations, issue subpoenas, hold hearings and commence civil actions against offenders.
Dodd-Frank Wall Street Reform and Consumer Protection Act
Created the CFPB as an independent bureau within the Federal Reserve
Provides the CFPB with the power to enforce against abusive acts and practices which are:
- materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service
- takes unreasonable advantage of a lack of understanding of the consumer of the material risks, costs or conditions of the product or service
- the inability of the consumer to protect its interests in selecting or using a consumer financial product or service
- the reasonable reliance by the consumer on a covered person to act in the interests of the consumer
What acts require financial institutions to retain and disclose personal information to the government?
The Bank Secrecy Act of 1970 (BSA)
The International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 (part of the USA PATRIOT Act)