Part 716 - Privacy of Consumer Financial Information Flashcards

1
Q

T or F
The NCUA’s privacy regs define a “member” as an individual with a continuing relationship at the credit union.

A

True

2
Q

T or F
If a credit union does not anticipate disclosing information to affiliates or nonaffiliated third parties for marketing purposes, the credit union is completely exempt from the NCUA privacy regulations.

A

False

3
Q

T or F
Verbal privacy notices are OK if the member signs a statement acknowledging the receipt of the verbal notice.

A

False

4
Q

T or F
If your credit union provides nonpublic personal information to a nonaffiliated third-party vendor for marketing purposes, your credit union must provide your members with the opportunity to opt out of that information sharing.

A

True

5
Q

T or F
A member must write and send the credit union an extensive letter requesting to opt out of information sharing.

A

False

6
Q

T or F
How a service provider (a vendor) safeguards members’ information is not a concern for your credit union.

A

False

7
Q

If your credit union wants to provide members’ information to a vendor to sell products, it must disclose this to members, provide them with an opt-out notice, and make it easy for members to opt out from the vendor disclosure.

A

True

8
Q

T or F
There are significant penalties and civil liability for your credit union for violating the NCUA privacy regulations.

A

False

9
Q

T or F
Under the NCUA’s requirement for a credit union’s member information security program, staff training on the security program is not a requirement but is a good practice.

A

False

10
Q

T or F
The NCUA requires the credit union’s Board of Directors to not only assist in writing the policy for the credit union’s member information security program but also to conduct an annual audit of the program as well.

A

False

11
Q

T or F
A credit union is required to include the electronic protection of member information in its member information security program, which includes:
1. developing and monitoring policies and procedures
2. identifying any reasonably foreseeable internal and external threats based on the IT environment and the products and services it provides.

A

True

12
Q

T or F
NCUA guidance provided to credit unions concerning electronic authentication programs includes:
1. Developing a process that is consistent and supports the credit union’s overall security and risk assessment program.
2. That is periodically reviewed
3. That includes auditing and monitoring features

A

True

13
Q

T or F
To avoid problems with pretext calling and identity theft, the NCUA recommends that the credit union only give account information to the primary member on the account.

A

False

14
Q

T or F
The NCUA regulations require an insured credit union to have a Data Security Program to address when there is unauthorized access to (i.e., a breach of) member information. Such a program includes:
1. Assessing the nature and scope of the breach (i.e., what information systems and member information was accessed)
2. Notifying the NCUA Regional Director or state agency of the breach
3. If warranted, filing a SAR
4. Providing notice to the members of the breach.

A

True

15
Q

T or F
While the required notice to members as part of the Data Security Response Program must include a description of the type of member information that was accessed and a phone number for members to call for further information and assistance, it does not need to include the name of the person who or group that (i.e., the crooks) accessed that information.

A

True

16
Q

T or F
Under its data security response program, a credit union may contract with its service providers (such as its data processing vendor) to notify all of its members and regulator(s) that its information system has been breached.

A

True

17
Q

T or F
The Children’s Online Protection Program Act (COPPA) is a federal law enacted to prohibit unfair or deceptive internet acts or practices in connection with the collection, use and/or disclosure of personal information from and about children under the age of 13 who can access websites via the internet.

A

True

18
Q

T or F
The COPPA applies to a credit union whose website can be (merely) accessed by children under 13.

A

False

19
Q

T or F
The COPPA does not require parental consent if a credit union collects an email address from a child to respond to a request for information that it receives from that child.

A

True

20
Q

T or F
If your credit union plans to collect, use and disclose personal information from children under the age of 13, the COPPA requires your credit union to have a website notice, a parental notice and obtain parental consent.

A

True