Privacy Flashcards
RFPA covers consumer records of:
individuals and partnerships of five or fewer individuals
RFPA requires that when a government agency requires a financial institution to assemble or provide records pertaining to a court order, a federal subpoena, or an administrative procedure, it must:
reimburse the institution for any reasonably necessary costs that were directly incurred in the production of the records
Reimbursement for government request record production include total amounts of personnel direct time in:
locating, retrieving, reproducing, packaging, and preparing for shipment
Reimbursement for government request record production will only be made for direct costs actually incurred for work that:
was reasonably necessary
T or F
Specific costs for expert and legal advice are not reimbursable under RFPA
TRUE
An institution may not release the government requested financial records until the government authority seeking the records:
certifies in writing to the financial institution that it has complied with the applicable provisions of the statute
Who is the definition of a consumer or customer different in Reg P?
customers are those that you have an established business relationship with
Banks cannot disclose non-public personal information about consumers to non-affiliated third parties unless:
the customer is allowed to opt out of the sharing and has not opted out
The Privacy Notice must be provided when:
the relationship is established and annually if there have been changes
What are the three sharing exceptions for Reg P?
* marketing
* processing and servicing
* miscellaneous (regulators, courts, required by law, etc.)
What are the areas required by COPPA?
* parental notice and consent
* confidentiality and security of children’s personal information
Bank must have a written security program with internal controls, monitoring, and reporting to the board that include:
* risk assessments
* safeguards
* training
* reporting
Once a personal phone number is registered with the FTC you cannot call the number for marketing purposes unless:
* you have a business relationship within the last 18 months OR
* the consumer has expressly consented
Banks are required to check the do not call list at least:
every 3 months for additions or changes
If a consumer specifically asks the company in which they have a relationship with to stop solicitations then:
the bank must place the customers name on their internal do not call list and stop making marketing calls