Understanding Privacy: The Essentials

Question 1

Would it be a violation of privacy regulations to tell a merchant whether or not a check will clear?

Answer 1

No, as long as the institution discloses their privacy regulations.

Question 2

Do the privacy regulations apply to businesses?

Answer 2

No, the privacy regulations apply only to individuals who obtain products or services for personal, family, or household purposes.

Question 3

Are there different rules for consumers versus customers?

Answer 3

Kind of, the privacy regulations are applied differently

Question 4

What is an Affiliate?

Answer 4

any entity that controls, is controlled by, or is under common control with another entity

Question 5

What did the Gramm-Leach-Bililey Act of 1999 do?

Answer 5

1. Established rules for how sensitive information may be used
2. Required financial institutions to inform each consumer of exactly what their institution’s individual privacy policies involve

Question 6

Are institutions allowed to disclose consumers’ nonpublic personal information to non-affiliate third parties?

Answer 6

Sometimes

Question 7

When can information be shared with non-affiliate third parties?

Answer 7

When the institution properly notifies consumers of its privacy policies and the institution gives consumers a reasonable chance to “opt out” of information disclosure

Question 8

Privacy regulations apply to ___.

Answer 8

Individuals who obtain products or services for personal, family, or household purposes. They do not apply to businesses.

Question 9

What is “Nonpublic Personal Information”?

Answer 9

SSN, Acct#, credit reports, payment histories, etc… (Generally any information that is not publicly available)

Question 10

What is a “Nonaffiliated Third Party”?

Answer 10

any entity that your institution doesn’t control, isn’t controlled by, or isn’t under common control with. (The opposite of an affiliate)

Question 11

Which government act controls information sharing?

Answer 11

the FCRA (Fair Credit Reporting Act)

Question 12

What is a “Consumer”?

Answer 12

an individual who may have inquired about or applied for one or more of your institution’s products/services but has not established a contractual or formal agreement with your institution

Question 13

What is a “Customer”?

Answer 13

a consumer who has established a contractual or formal agreement with your institution

Question 14

Do consumer regulations apply to customers?

Answer 14

Yes, for the sake of regulation, all consumer regulations also apply to customers

Question 15

The privacy regulations govern how your institution collects, handles, and shares consumers’ ___ with ___.

Answer 15

Nonpublic personal information; non-affiliated third parties

Question 16

James does all his banking with Bank ! He has applied for auto loans at Banks X, Y, and Z. With respects to Banks X, Y, and Z, James is a ___.

Answer 16

Consumer

Question 17

In what circumstance may privacy regulations affect how two banks share consumer information?

Answer 17

two banks would have to be nonaffiliated third parties

Question 18

Must banks notify customers and consumers about its privacy policy?

Answer 18

Yes

Question 19

What must a privacy notice include?

Answer 19

Categories of collected information

2. Categories of information shared
3. Categories of affiliates and nonaffiliated receiving information
4. A policy on how former customers’ information is treated/used

Question 20

What are the three categories of Privacy Notices?

Answer 20

1. Annual Privacy Notice
2. Initial Privacy Notice
3. Revised Privacy Notice

Question 21

What is an Annual Privacy Notice?

Answer 21

Only customers receive these; occur once a year at any time of the year during the continuation of a customer’s relationship (some exceptions)

Question 22

What is an Initial Privacy Notice?

Answer 22

Must be given to existing customers, new customers, and consumers when they apply for or obtain a new product or service

Question 23

What is a Revised Privacy Notice

Answer 23

Given to existing customers, new customers, and applicable consumers whenever an institution changes its privacy policy that negates previous policies

Question 24

When do New Customers receive an Initial Privacy Notice?

Answer 24

When a customer relationship is established?

Question 25

When do Existing Customers receive an Initial Privacy Notice?

Answer 25

• If they obtain a new product or service

- The most recently provided notice is inaccurate in regards to the new product or service

Question 26

When do Consumers receive an Initial Privacy Notice?

Answer 26

when an institution will disclose their nonpublic private information with non-affiliated third parties

Question 27

Ana, a person with no previous agreements with an institution receives which type of Privacy Statement when she opens an account at your institution?

Answer 27

Ana receives an Initial Privacy Notice

Question 28

How many times each year must a bank provide consumers with an Annual Privacy Notice?

Answer 28

None; Annual Privacy Notices are only given to customers

Question 29

Does Olaf receive a Privacy Notice if he is opening a new account as an existing customer?

Answer 29

Yes, Existing Customers receive Privacy Notices when obtaining no products or services

Question 30

Does an institution have to provide a Revised Privacy Notice if they begin sharing consumers’ nonpublic personal information with a new group of non-affiliated third parties?

Answer 30

Yes

Question 31

What right(s) do the privacy regulations stipulate for consumers?

Answer 31

The Right to Opt Out

Question 32

How does an institution educate consumers on their right to opt out?

Answer 32

The Privacy Notice must:

• Clearly explain the consumer’s right to opt out
• Provide a reasonable method for doing so

Question 33

What is considered in providing a reasonable method for consumers to Opt Out?

Answer 33

The Time and the Means of Opting out are considered

Question 34

How is Time considered in Opting Out?

Answer 34

Consumers have the right to opt out at any time, and you must comply with the consumer’s request as soon as possible

Question 35

How are Means considered in Opting Out?

Answer 35

• a toll-free telephone service
• a detachable form with mailing information
• an electronic form sent via e-mail or through the institution’s website

Question 36

Are Electronic Forms always considered reasonable?

Answer 36

No, they are only considered reasonable when the consumer has agreed to receive privacy notices electronically

Question 37

Is there a time limit on opting out of an institutions information-sharing program?

Answer 37

No, consumers have the right to opt out at any time

Question 38

What are the three categories to Opt-Out Exceptions?

Answer 38

1. Sharing with service providers and joint marketers
2. Sharing with other entities in order to process and service transactions
3. Sharing in various other situations

Question 39

Under which circumstance can an institution disclose a consumer’s information with third party service providers and/or joint marketers?

Answer 39

• the institution discloses these arrangements in your privacy notices
• third party(ies) in question are contractually bound to use the disclosed information only for specified purposes

Question 40

What is a Joint Marketing Agreement?

Answer 40

an arrangement between two or more financial institutions to jointly offer, endorse, or sponsor a financial product or service

Question 41

What exceptions are included in Various Other Situations?

Answer 41

• Fraud Protection
• Business Operations
• Regulatory Compliance

Question 42

What do the various other situation exceptions facilitate?

Answer 42

The Various Other Exceptions facilitate Bank Business

Question 43

How does a bank disclose information related to Fraud Protection?

Answer 43

Information is shared in efforts to prevent actual or potential fraud, unauthorized transactions, or claims

Question 44

How does a bank disclose information related to Business Operations

Answer 44

Information may be shared with an institution’s own attorneys, accountants, or auditors in order to facilitate institutional operations

Question 45

How does a bank disclose information related to Regulatory Compliance?

Answer 45

Information may be shared in order to comply with authorized civil or criminal investigation, or federal or state regulatory examination

Question 46

Many institutions do not provide information for opting out on their privacy notices. Why?

Answer 46

Because many institutions do not share information “outside the exceptions.” In this situation, consumers have nothing to opt out of

Question 47

Do institutions that share only “within the exceptions” have to provide an annual privacy notice to its customers every year?

Answer 47

No, the customers must only be notified that the notice is available electronically

Question 48

What other criteria must an institution meet in order to refrain from providing an annual privacy notice

Answer 48

• The privacy policy must not have changed since the previous year
• the institution uses the model form developed by federal regulators

Question 49

If a paper copy of a Privacy Notice is requested, is there a time limit on providing customers with the notice?

Answer 49

yes, the institution must provide the customer with a notice within 10 days of the initial request