Financial Flashcards
Who does the Fair Credit Reporting Act of 1970 (FCRA) apply to?
FCRA regulates consumer reporting agencies (CRAs).
- CRAs compile or evaluate personal information to furnish consumer reports to third parties for a fee.
- FCRA limits the use of medical information obtained from a CRA. If it is needed for employment purposes, written consent is required and the medical information must be relevant.
What are the key provisions of the Fair Credit Reporting Act of 1970 (FCRA)?
FCRA mandates accurate and relevant data collection and provides privacy rights in consumer reports.
* Consumers have the ability to access and correct their information
* Limits use of consumer reports to “permissible purposes”
What is the difference between a consumer report and an investigative consumer report under the FCRA?
- A “consumer report” is any communication by a CRA, related to an individual, which is used to establish that individual’s eligibility for credit, insurance, employment, etc.
- An “investigative consumer report” gives information about an individual’s character, reputation, mode of living, etc., and is obtained through personal interviews.
How is the Fair Credit Reporting Act of 1970 (FCRA) enforced?
The FTC, the Consumer Financial Protection Bureau (or CFPB), and state attorneys general enforce the FCRA through:
* Dispute resolution
* Private right of action
* Government actions
How did the Fair and Accurate Credit Transactions Act of 2003 (FACTA) amend the FCRA?
FACTA amended the FCRA by enacting stronger consumer protections, including:
* the truncation of credit and debit card numbers;
* affording consumers the right to an explanation of their credit scores, as well as the right to a free annual credit report;
* the Disposal Rule and the Red Flags Rule.
Describe the FACTA Disposal Rule: who does it apply to, what does it require, and what happens if you break it?
Applies to: Individuals or entities that use consumer reports for business purposes; e.g., consumer reporting agencies, lenders, employers, insurers, landlords, car dealers, attorneys, debt collectors, government agencies
Requirement: Dispose of consumer information in a way that prevents unauthorized access and misuse of the data
Violations: Civil liability as well as federal and state enforcement actions
Who does the Financial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or GLBA) apply to? What is the main intent of this law and how is the key term “personally identifiable financial info” defined?
GLBA regulates financial institutions and their management of nonpublic personal information. This includes providing notice of their policies regarding sharing personal financial information and the choice to opt out.
Personally identifiable financial information may be provided by consumers, from their transactions or consumer services, or can be otherwise obtained by financial institutions.
What are the consequences of violating the GLBA?
Banking and related financial institutions that fail to comply with GLBA requirements can be subject to substantial penalties under the Financial Institution Reform, Recovery and Enforcement Act.
What must be included in a GLBA privacy notice?
Privacy Notices must include:
* What is collected
* With whom information is being shared
* How information will be safeguarded
* How consumers can opt out
Who can companies share information with under GLBA (provided they’ve met all the notice and opt-out standards)?
Once notice and opt-out standards have been met, consumer information may be shared with:
* Affiliated companies
* Joint marketing partners
* Nonaffiliated companies
* Other third parties
What is the GLBA privacy rule?
The GLBA Privacy Rule requires financial institutions to provide initial and annual privacy notices that are clear, conspicuous and accurate, to inform customers of their right to opt out, and to process opt-out requests within 30 days.
What is the GLBA safeguards rule?
The GLBA Safeguards Rule requires financial institutions to develop and implement a comprehensive information security program. An information security program must incorporate three levels of security: administrative, technical and physical.
What are the three levels of security required by the GLBA safeguards rule?
- Administrative security: Program definition, management of workforce risks, employee training, vendor oversight
- Technical security: Computer systems, networks and applications, access controls and encryption
- Physical security: Facilities, environmental safeguards, business continuity, disaster recovery
What is California SB-1 and how does it relate to the GLBA?
California SB-1:
* Expands the financial privacy protections afforded under GLBA
* Increases the disclosure requirements of financial institutions doing business in California
* Grants consumers who are California residents increased rights with regard to information-sharing, including the ability to opt out of information-sharing between their financial institutions and affiliates not in the same line of business
What is the FACTA Red Flags Rule?
Financial institutions must look for “red flags” pointing to identity theft.
Applies to: Financial institutions, such as banks, savings and loan associations, credit unions and creditors
Requirements: Develop a set of rules to mandate the detection, prevention and mitigation of identity theft