PART 716- PRIVACY OF CONSUMER FINANCIAL INFORMATION Flashcards
The NCUA’s privacy regs define a “member” as an individual with a continuing relationship at the CU. True or False?
if a CU does not anticipate disclosing information to affiliates or non affiliated third parties for marketing purposes, the CU is completely exempt from the NCUA privacy regulations. True or False?
Verbal privacy notices are OK if the member signs a statement acknowledging the receipt of the verbal notice. True or False?
if your CU provdes nonpublic personal information with a nonaffiliated third party vendor for marketing purposes your CU must provide your members with the opportunity to opt-out of that information sharing. True or False?
if a CU does not anticipate disclosing information to affiliates or nonaffiliated third parties for marketing purposes, the CU can provide a shortened, simplified notice. True or False?
A member must write and send the CU an extensive letter requesting to opt out of information sharing. True or False?
how a service provider (a vendor) safeguards members’ information is not a concern for your CU. True or False?
if your CU wants to provide members’ information to a vendor to sell products it must disclose this to members, provide them with an opt out notice, and make it easy for members to opt out from the vendor disclosures. True or False?
There are significant penalties and civil liabilities for your CU for violating the NCUA privacy regulations. True or False?
a. under the NCUA’s requirement for a CU’s member information security program, staff training on the security program is not a requirement but is a good practice. True or False?
b. NCUA requires the CUs board of directors to not only assist in writing the policy for the CU’s member information security program but also to conduct an annual audit of the program as well. True or False?
c. a CU is required to include electronic protection of member information in its member information security program, which includes, 1. developing and monitoring polices and procedures, and 2. identifying any reasonably foreseeable internal and external threats based on the IT enviroment and the products and services it provides. True or False?
d. NCUA guidane provided to CUs concerning electronic authentication programs includes 1. developing a process that is consistent and supports the CU’s overall security and risk assessment program, 2. that is periodically reviewed, and 3. includes auditing and monitoring features. True or False?
To avoid problems with pretext calling and identity theft the NCUA recommends that the CU only give account information to the primary member on the account. True or False?
The NCUA regulations require an insured CU to have a data security response program to address when there is unauthorized access to member information. Such a program includes 1. assessing the nature and scope of the breach (i.e. what information systems and member information was accessed) 2. notifying the NCUA reginal director or state agency of the breach, 3. if warranted filing a SAR, and 4. providing notice to members of the breach. True or False?
while the required notice to members as part of the data security response program must include a description of the member information that was accessed and a phone number for members to call for further information and assistance, it does not need to include the name of the person who or group that accessed that information. True or False?
under its data security response program a CU may contract with its service provider (such as it data processing vendor) to notify all of its members and regulators that its information system has been breached. True or False?
The children’s online protection program act is a federal law enacted to prohibit unfair or deceptive internet acts or practices in connection with the collection, use and/or disclosure of personal information from and about children under the age of 13 who can access websites via the internet. True or False?