Module 8: Financial Privacy Flashcards
3 Components of Financial Privacy
- Confidentiality
- Security
- Laws & Regulations
Financial Privacy:
Confidentiality
– ensure the confidentiality of banking and other financial records
– encourage honesty regarding assets, debts, and ability to pay
Financial Privacy:
Security
To ensure the security of confidential information and protection from theft and fraud
Financial Privacy:
Laws & Regulations
- restrict how financial service firms may collect, use and disclose personal info
- ensure financial info is accurate and fairly shared
- establish rules about reporting obligations
FCRA?
Why was it formed?
What is it?
Fair Credit Reporting Act (or FCRA)
The rise of consumer credit led merchants to share in-depth customer data to facilitate lending to households.
Congress passed the FCRA (1970) because individuals were being harmed by inaccurate information that they could neither see nor correct.
FCRA
3 components of the law are?
1) Regulations
2) Provisions
3) Enforcement
FCRA Regulations
Regulates consumer reporting agencies (CRAs)
FCRA Provisions
The FCRA mandates accurate & relevant data collection and provides privacy rights in consumer reports:
> Consumers have the ability to access and correct their info
> Limits use of consumer reports to “permissible purposes”
FCRA Enforcement
The FTC, the Consumer Financial Protection Bureau (or CFPB), and state attorneys general enforce the FCRA through:
> Dispute resolution
> Private right of action
> Government actions
What are CRAs?
CRAs compile or evaluate personal information to furnish consumer reports to third parties for a fee
What is a consumer report?
A “consumer report” is any communication by a CRA, related to an individual, which is used or expected to be used in establishing that individual’s eligibility for:
- credit
- insurance
- employment
What is an investigative consumer report?
– gives information about one’s:
>character,
>reputation
>mode of living, etc.
– obtained through a personal interview
– FCRA limits the use of medical information obtained from a CRA.
- If needed for employment purposes, written consent is needed, and medical info must be relevant
FACTA 2003
The Fair and Accurate Credit Transactions Act (FACTA) passed in 2003
-amended the FCRA to enact stronger consumer protections including
> truncation of credit and debit card #s: an electronically printed receipt may show no more than the last 5 digits of the card number and may not show the expiration date
> affording consumers the right to a free annual credit report from each of the 3 nationwide credit reporting agencies
> requiring regulators to implement the Disposal Rule and the Red Flags Rule
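The card-number truncation requirement above is the one FACTA provision that lands directly in code. The following is an added example (not part of the original flashcards or any regulator's guidance) showing how a receipt printer would mask a PAN and how an auditor could scan already-rendered receipt text for leaks. The Luhn check, the 4-digit default and the sample card numbers and receipt lines are the example's own choices and constructed test data; the statutory limit is 5 visible digits and no expiration date.

```python
"""FACTA receipt truncation: mask a card number and audit receipt text for leaks."""
import re

# FACTA (15 U.S.C. 1681c(g)): an electronically printed receipt may show no more
# than the last 5 digits of the card number and must not show the expiration date.
MAX_VISIBLE_DIGITS = 5


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test used by payment card numbers (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize_pan(raw: str) -> str:
    """Strip separators and reject anything that is not a plausible card number."""
    digits = re.sub(r"[\s-]", "", raw)
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        raise ValueError("PAN must be 12-19 digits")
    if not luhn_valid(digits):
        raise ValueError("PAN fails Luhn check; refusing to mask a malformed number")
    return digits


def truncate_pan(raw: str, visible: int = 4) -> str:
    """Return the PAN with all but the last `visible` digits replaced by '*'.

    `visible` is capped at MAX_VISIBLE_DIGITS; the default of 4 is common
    industry practice (assumption of this example) and stricter than the statute.
    """
    if not 0 <= visible <= MAX_VISIBLE_DIGITS:
        raise ValueError(f"at most {MAX_VISIBLE_DIGITS} digits may be shown")
    digits = normalize_pan(raw)
    hidden = len(digits) - visible
    return "*" * hidden + digits[hidden:]


def receipt_line(raw_pan: str, brand: str, amount_cents: int) -> str:
    """Build the card line of a receipt.

    The expiration date is deliberately not a parameter: the simplest way to
    guarantee it is never printed is to never hand it to the printer.
    """
    return f"{brand} {truncate_pan(raw_pan)} TOTAL ${amount_cents // 100}.{amount_cents % 100:02d}"


def audit_receipt(receipt_text: str, raw_pan: str, expiry_mmyy: str) -> list:
    """Report FACTA truncation violations in already-rendered receipt text.

    Flags any run of digits longer than MAX_VISIBLE_DIGITS that is a substring
    of the full PAN, and any rendering of the expiration date (MM/YY, MM-YY, MMYY).
    Caveat: a transaction date equal to the expiry month/year is also flagged;
    failing on the conservative side is the intended behaviour.
    """
    pan = normalize_pan(raw_pan)
    findings = []
    for run in re.findall(r"\d+", receipt_text):
        if len(run) > MAX_VISIBLE_DIGITS and run in pan:
            findings.append(f"card number leak: {len(run)} consecutive PAN digits printed")
    mm, yy = expiry_mmyy[:2], expiry_mmyy[2:]
    for rendered in (f"{mm}/{yy}", f"{mm}-{yy}", f"{mm}{yy}"):
        if rendered in receipt_text:
            findings.append(f"expiration date printed as {rendered}")
            break
    return findings


if __name__ == "__main__":
    # Constructed sample data: the classic Visa test number and a fake expiry.
    SAMPLE_PAN, SAMPLE_EXPIRY = "4111 1111 1111 1111", "1227"
    print(receipt_line(SAMPLE_PAN, "VISA", 4200))
    for text in (
        "VISA ************1111 TOTAL $42.00",              # compliant
        "VISA 4111111111111111 TOTAL $42.00",              # full PAN printed
        "VISA ************1111 EXP 12/27 TOTAL $42.00",    # expiry printed
    ):
        print(text, "->", audit_receipt(text, SAMPLE_PAN, SAMPLE_EXPIRY) or "OK")
```

Masking only at render time is the weak spot in practice: the audit function exists because the leak usually comes from a template or a logging statement that bypassed `receipt_line`, not from the masking routine itself.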
FACTA 2010
In 2010 the FTC amended its free annual credit report rule to require specific disclosures from companies advertising “free credit reports”.
The Disposal Rule
Applies to?
individual or entity that uses a consumer report for a business purpose
EX:
> consumer reporting agencies
> lenders
> employers
> insurers
> landlords
> car dealers
> attorneys
> debt collectors
> government agencies
The Disposal Rule
Requirement?
dispose of that consumer information in a way that prevents unauthorized access and misuse of the data
The Disposal Rule
Violations
Civil liability as well as federal and state enforcement actions
Red Flag Rule
Applies to?
Put into effect under FACTA
Financial institutions and creditors, such as:
> banks
> savings and loan associations
> credit unions
> creditors
Red Flag Rule
Requirements
Develop and implement a written identity theft prevention program for covered accounts that provides for the:
> detection
> prevention and mitigation of
identity theft
Red Flags Rule
Categories of red flags
- Suspicious identification documents
- Alerts, notifications and warnings from a consumer reporting agency
- Unusual use of, or suspicious activity on, a covered account
- Suspicious personal identifying information
- Notices from customers, identity theft victims or law enforcement
Select Disposal Rule or Red Flags Rule (or both)?
Violators may face civil liability, as well as federal and state enforcement actions
Disposal Rule
Select Disposal Rule or Red Flags Rule (or both)?
Includes discarding, abandonment, donation, sale, or transfer of information of documents
Disposal Rule
Select Disposal Rule or Red Flags Rule (or both)?
Applies to both small and large organizations
Disposal Rule
&
Red Flags Rule
Select Disposal Rule or Red Flags Rule (or both)?
Does not apply to creditors who extend credit only for “expenses incidental to a service”
Red Flags Rule
Select Disposal Rule or Red Flags Rule (or both)?
Develop and implement written identity theft detection programs
Red Flags Rule
Select Disposal Rule or Red Flags Rule (or both)?
Red Flags Rule
GLBA stands for?
Gramm-Leach-Bliley Act
What does GLBA regulate?
regulates management of nonpublic personal info
Who does GLBA apply to?
What is the penalty?
Applies to financial institutions handling nonpublic personal information (NPI): personally identifiable financial information provided by a consumer, resulting from a transaction or service, or otherwise obtained by the institution
Penalties under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA)
GLBA Privacy Rules
Requires financial institutions to provide initial and annual privacy notices that are clear, conspicuous, and accurate, to inform customers of their right to opt out, and to process opt-out requests within 30 days.
Permits financial institutions to share the info they hold with:
> their affiliated and non-affiliated companies
> joint marketing partners
> other 3rd parties
provided that the notice standard is met and the mandated opt-out is offered (the FCRA opt-out for affiliate sharing, the GLBA opt-out for nonaffiliated third parties).
3 Rules of the GLBA Privacy Rule
- Privacy Notice
- Information sharing
- Compliance
GLBA Privacy Rule:
Privacy notice must include:
Notices must include: • What is collected • With whom information is being shared • How information will be safeguarded • How consumers can opt out
GLBA Privacy Rule:
Information Sharing
Once notice and opt-out standards have been met, consumer information may be
shared with:
- Affiliated companies
- Joint marketing partners
- Nonaffiliated companies
- Other third parties
GLBA Privacy Rule:
Compliance
Comply with regulatory standards established by government authorities to:
• Protect the security and confidentiality of customer information
• Protect against security threats and unauthorized access to or uses of
customer information
GLBA Safeguards Rule:
defined?
Became effective in 2003.
Requires financial institutions to develop, implement and maintain a comprehensive written information security program
GLBA Safeguards Rule:
3 levels of security
- administrative
- technical
- physical
GLBA Safeguards Rule:
program design
- ensure the security and confidentiality of customer information
- protect against any anticipated threats or hazards to information
- protect against unauthorized access to or use of information that could result in substantial harm or inconvenience to customers
GLBA Safeguards Rule:
program implementation
- designate an employee to coordinate safeguards
- identify and assess risks and evaluate the effectiveness of the safeguards
- design, implement and monitor a safeguard program
- select and provide oversight of appropriate service providers
GLBA Level of Security:
Administrative security
- Program definition
- management of workforce risks
- employee training
- vendor oversight
GLBA Level of Security:
Technical security:
- Computer systems
- Networks and applications
- Access controls and encryption
GLBA Level of Security:
Physical security
- Facilities
- environmental safeguards
- business continuity
- disaster recovery
California SB-1
defined
Builds upon GLBA
- heightened responsibilities for protecting information and for disclosing what information is shared, with whom, and for what purposes
California SB-1
Fines
- low end: $2,500 per violation
- up to $500,000 in total
- knowing and willful (egregious) violations: no cap
California SB-1 defined
California Financial Information Privacy Act (SB-1)
About California SB-1
- Expands GLBA
- Increases disclosure requirements
- Grants consumers right to opt out of information sharing
Dodd-Frank and Consumer Protection
background?
In response to the financial crisis of 2008, Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act. Signed into law July 2010.
Dodd-Frank and Consumer Protection
What agency did it create?
The act created the new Consumer Financial Protection Bureau (CFPB) as an independent bureau within the Federal Reserve that oversees the relationship between consumers and providers of financial products and services.
CFPB provisions?
- rule-making authority
- enforcement
CFPB
Rule-making authority
- FCRA and GLBA
- Specific laws related to financial privacy and consumer issues
CFPB
Enforcement
- conducts investigations
- issues subpoenas
- holds hearings and commences civil actions against offenders
Online Banking
Security Measures
- Operating systems
- Internet browser
- firewalls, antivirus, and anti-malware programs
- passwords and encryption
Online Banking
Privacy measures
- authentication methods
- public wifi dangers
- mobile antivirus and malware detection software
- mobile privacy policy
- opt-out option of mobile ad targeting
What are some major components of financial privacy? Select all that apply.
A) Confidentiality
B) Laws and regulations
C) Security
D) Anonymity
A, B, and C
What does CRA stand for?
A) Confirmed right of action
B) Credit reform act
C) cooperate retail authorities
D) Consumer reporting agencies
D) Consumer reporting agencies
Which is a provision of the Fair Credit Reporting Act (FCRA)? Select all that apply.
A) Use of consumer reports is limited to three instances per six months
B) Use of consumer reports is limited to “permissible purposes”
C) Consumers have the ability to access and correct their information
D) Consumers may request annual updates and alerts
B and C
True or False?
The Fair Credit Reporting Act (FCRA) amended the Fair and Accurate Credit Transactions Act (FACTA)
False
True or false?
The FACTA Disposal Rule requires any entity that uses a consumer report for a business purpose to dispose of it in a way that prevents unauthorized access and misuse of
the data.
True
Which act regulates financial institutions and their management of nonpublic personal
information?
A) Fair Credit Reporting Act (FCRA)
B) Fair and Accurate Credit Transactions Act (FACTA)
C) Gramm-Leach-Bliley Act (GLBA)
D) Dodd-Frank Wall Street Reform and Consumer Protection Act
C) Gramm-Leach-Bliley Act (GLBA)
Under the GLBA Privacy Rule, what must a privacy notice include? Select all that apply.
A) What is collected
B) With whom information is being shared
C) How information will be safeguarded
D) How consumers can opt out
All of the above
Which authority was created by the Dodd-Frank Wall Street Reform and Consumer
Protection Act?
A) Bureau of the Fiscal Service (Fiscal Service)
B) Consumer Financial Protection Bureau (CFPB)
C)Bureau of Consular Affairs (CA)
D)Federal Financing Bank (FFB)
B) Consumer Financial Protection Bureau (CFPB)