Financial Privacy Flashcards Preview

CIPP/US - Complete > Financial Privacy > Flashcards

Flashcards in Financial Privacy Deck (20)
Loading flashcards...

What is the FCRA?

The Fair Credit and Reporting Act. It mandates that accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.


Who does the FCRA regulate?

Any consumer reporting agency (CRA) that furnishes a consumer report.


Who is a CRA?

Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to 3rd parties for a fee.


What is a consumer report?

Any communication by a CRA related to an individual that pertains to the person's:
- Creditworthiness
- Credit Standing
- Credit Capacity
- Character
- General Reputation
- Personal characteristics
- Mode of living
and that is used as a factor in establishing a consumer's eligibility for credit, insurance, employment or other business purpose.


What are the 4 main requirements under the FCRA that users of consumer reports must meet?

1. Third party data for substantive decision making must be appropriately accurate, current and complete
2. Consumers must receive notice when third-party data is used to make adverse decisions about them
3. Consumer reports may be used only for permissible purposes
4. Consumers must have access to their consumer reports and an opportunity to dispute them or correct any errors.


What obligations are CRAs required to provide notice of to users of consumer reports?

1. Users must have a permissible purpose.
2. Users must provide certifications.
3. Users must notify consumers when adverse actions are taken.


Gramm-Leach-Bliley Act of 1999

GLBA, AKA Title V of the Financial Services Modernization Act

- any org that significantly engaged in US financial activities
-Must have a program for customer PII, that includes: storage, notice, and opt-out.

FTC managed.


GLBA Opt-Out Policy

Opt out only- you can choose not to have info shared to nonaffiliated 3rd parties, but no choice on data processors.


GLBA Privacy Rule

You must provide a privacy notice at relationship establishment and annually thereafter. You have the right to opt out of sharing to 3rd parties. If the policy changes, you must provide notice again.


GLBA Safeguards Rule

A formal infosec program must be in writing and in place.


Financial Institution Reform, Recovery, and Enforcement Act of 1989

FIRREA. If you violate GLBA, you face penalties under this. Admin'ed by CFPB (formerly FTC)


Bank Secrecy Act of 1970

BSA, AKA Currency and Foreign Transactions Reporting Act

- Transactions over 10k must be reported to the IRS- name, address, SSN, amounts, currency

Suspicious Activity Reports (SARs)
- any insider crime of any amount
- $5k+ and can ID suspect
- $25k+ and can't ID suspect
- $5k+ if potential money laundering

US Treasury and FinCEN


Right to Financial Privacy Act of 1978

RFPA- covers financial institutions, and says the Fed gov't can't access records of customers unless "reasonably described" and one of the following:
- Customer consents
- subpoena / warrant / summons
- written formal request from gov't authority

Treasury enforces.


Dodd-Frank Wall Street Reform Act of 2010

Title X created CFPB. Added "abusive acts and practices" to "unfair and deceptive" language.


CFPB now manages what acts?

Fair Debt Collections Act


Fair and Accurate Credit Transactions Act of 2003

FACTA. Focuses on ID theft and prevention. Must truncate credit, debit card #s and gives right to free annual credit report from big 3.

Established Red Flags Rule and Disposal Rule.

Enforced by FTC, the Fed, and CFPB.


FACTA Preemption and Opt-Out

A handful of states were allowed to keep STRICTER laws, but otherwise this generally preempts states.

Federally mandated opt-out of sharing available.


FACTA- Red Flag and Disposal Rules

Red Flag- you must have a set of rules to detect, prevent, and mitigate ID theft, and the program must be written out.

Disposal- anyone using a consumer report must dispose of the info in a way that prevents unauthorized use.


Equal Credit Opportunity Act of 1974

ECOA- you can't discriminate credit on the basis of race, color, religion, origin, age, sex, aid received, kids.

You can't ask about marital status if applying "single" unless the state is a "community property" state.

If credit is denied, must notify within 30 days.



Red Flag Clarification Act of 2010

narrowed definition of a creditor and when they're covered, so related third parties (like attorneys and health care providers) aren't covered by FACTA.