Module 8: Financial Privacy

Question 1

3 Components of Financial Privacy

Answer 1

• Confidentiality
• Security
• Laws & Regulations

Question 2

Financial Privacy:

Confidentiality

Answer 2

– ensure the confidentiality of banking and other financial records

– encourage honesty regarding assets, debts, and ability to pay

Question 3

Financial Privacy:

Security

Answer 3

To ensure the security of confidential information and protection from theft and
fraud

Question 4

Financial Privacy:

Laws & Regulations

Answer 4

• • restrict how financial service firms may collect, use and disclose personal info
• -ensure financial info is accurate and fairly shared
• -establish rules about reporting obligations

Question 5

FCRA?

Why was it formed?

What is it?

Answer 5

Fair Credit Reporting Act (or FCRA)

rise of consumer credit led merchants to share in-depth customer data to facilitate lending to households

congress passed FCRA because individuals were being harmed by inaccurate information that they could neither see nor correct

Question 6

FRCA

3 components of the law are?

Answer 6

1) Regulations

Question 7

FRCA Regulations

Answer 7

Regulates consumer reporting agencies (CRAs)

Question 8

FCRA Provisions

Answer 8

The FCRA mandates accurate & relevant data collection and provides privacy rights in consumer reports:

> Consumers have the ability to access and correct their info

> Limits use of consumer reports to “permissible purposes”

Question 9

FCRA Enforcement

Answer 9

The FTC, the Consumer Financial Protection Bureau (or CFPB), and state attorneys general enforcement of the FCRA through:

> Dispute resolution
Private right of action
Government actions

Question 10

What are CRAs?

Answer 10

CRAs compile or evaluate personal information to furnish consumer reports to third parties for a fee

Question 11

What is a consumer report?

Answer 11

A “consumer report” is any communication by a CRA, related to an individual, which is used to establish that individual’s eligibility for:

• • credit
• • insurance
• • employment

Question 12

What is an investigative consumer report?

Answer 12

– gives information about one’s:
>character,
>reputation
>mode of living, etc.

– obtained through a personal interview

– FCRA limits the use of medical information obtained from a CRA.

• If needed for employment purposes, written consent is needed, and medical info must be relevant

Question 13

FACTA 2003

Answer 13

The Fair and Accurate Credit Transactions Act (FACTA) passed in 2003

-amended the FCRA to enact stronger consumer protections including

> truncation of credit and debit card #s

> affording consumers the right to free annual credit report from 3 national credit agencies

> requiring regulators to implement the disposal rule and red flags rule

Question 14

FACTA 2010

Answer 14

FTC updated in 2010 updating the disclosure required by companies advertising “free credit reports”.

Question 15

The Disposal Rule

Applies to?

Answer 15

individual or entity that uses a consumer report for a business purpose

EX:
>consumer reporting agencies
>lenders
>employers
>insurers
>landlords
>car dealers
>attorneys
>debt collectors
>government agencies

Question 16

The Disposal Rule

Requirement?

Answer 16

dispose of that consumer information in a way that prevents unauthorized access and misuse of the data

Question 17

The Disposal Rule

Violations

Answer 17

Civil liability as well as federal and state enforcement actions

Question 18

Red Flag Rule

Applies to?

Answer 18

Put into effect under FACTA

Financial institutions, such as 
> banks
> saving and loan associations
> credit unions
> creditors

Question 19

Red Flag Rule

Requirements

Answer 19

Develop a set of rules to mandate: >detection
>prevention and mitigation of
identity theft

Question 20

Red Flags Rule

Things to note

Answer 20

• Suspicious identification documents
• alerts
• unusual use of a covered account
• consumer report warnings
• suspicious personal identifying data

Question 21

Select Disposal Rule or Red Flags Rule (or both)?

Violators may face civil liability, as well as federal and state enforcement actions

Answer 21

Disposal Rule

Question 22

Select Disposal Rule or Red Flags Rule (or both)?

Includes discarding, abandonment, donation, sale, or transfer of information of documents

Answer 22

Disposal Rule

Question 23

Select Disposal Rule or Red Flags Rule (or both)?

Applies to both small and large organizations

Answer 23

Disposal Rule
&
Red Flags Rule

Question 24

Select Disposal Rule or Red Flags Rule (or both)?

Does not apply to creditors who extend credit only for “expenses incidental to a service”

Answer 24

Red Flags Rule

Question 25

Select Disposal Rule or Red Flags Rule (or both)? Develop and implement written identity theft detection programs

Answer 25

Red Flags Rule

Question 26

Select Disposal Rule or Red Flags Rule (or both)?

Answer 26

Red Flags Rule

Question 27

GLBA stands for?

Answer 27

Gramm-Leach-Bliley Act

Question 28

What does GLBA regulate?

Answer 28

regulates management of nonpublic personal info

Question 29

Who does GLBA apply to? What is the penalty?

Answer 29

Financial info provided by a consumer from a transaction or service otherwise obtained penalties under the Financial Institution Reform, Recovery and Enforcement (FIRREA)

Question 30

GLBA Privacy Rules

Answer 30

financial institutions to provide initial and annual privacy notices that are clear, conspicuous, and accurate, and inform customers of their rights to opt-out and process opt-out requests within 30 days. financial institutions to share any info they have within: >their affiliated and non-affiliated companies, >joint marketing partners >other 3rd parties provided that the notice standard is met and the FCRA-mandated opt-out is offered.

Question 31

3 Rules of the GLBA Privacy Rule

Answer 31

- Privacy Notice - Information sharing - Compliance

Question 32

GLBA Privacy Rule: Privacy notice must include:

Answer 32

``` Notices must include: • What is collected • With whom information is being shared • How information will be safeguarded • How consumers can opt out ```

Question 33

GLBA Privacy Rule: Information Sharing

Answer 33

Once notice and opt-out standards have been met, consumer information may be shared with: * Affiliated companies * Joint marketing partners * Nonaffiliated companies * Other third parties

Question 34

GLBA Privacy Rule: Compliance

Answer 34

Comply with regulatory standards established by government authorities to: • Protect the security and confidentiality of customer information • Protect against security threats and unauthorized access to or uses of customer information

Question 35

GLBA Safegaurd Rule: defined?

Answer 35

became effective in 2003. requires institutions to develop and implement a comprehensive information security program

Question 36

GLBA Safegaurd Rule: 3 levels of security

Answer 36

- administrative - technical - physical

Question 37

GLBA Safegaurd Rule: program design

Answer 37

- ensure the security and confidentiality of customer information - protect against any anticipated threats or hazards to information - protect against unauthorized access to or use of information that could result in substantial harm or inconvenience to customers

Question 38

GLBA Safegaurd Rule: program implementation

Answer 38

- designate an employee to coordinate safeguards - identify and assess risks and evaluate the effectiveness of the safeguards - design, implement and monitor a safeguard program - select and provide oversight of appropriate service providers

Question 39

GLBA Level of Security: Administrative security

Answer 39

- - Program definition - - management of workforce risks - - employee training - - vendor oversight

Question 40

GLBA Level of Security: Technical security:

Answer 40

- - Computer systems - - Networks and applications - - Access controls and encryption

Question 41

GLBA Level of Security: Physical security

Answer 41

- - Facilities - - environmental safeguards - - business continuity - - disaster recovery

Question 42

GLBA Level of Security: Program design

Answer 42

-- Ensure the security and confidentiality of customer information -- Protect against any anticipated threats or hazards to information -- Protect against unauthorized access to or use of information that could result in substantial harm or inconvenience to customers

Question 43

GLBA Level of Security: Program implementation

Answer 43

-- Designate an employee to coordinate safeguards -- Identify and assess risks and evaluate the effectiveness of the safeguards -- Design, implement and monitor a safeguard program -- Select and provide oversight of appropriate service providers

Question 44

California SB-1 defined

Answer 44

builds upon GLBA -heightened and increased responsibilities for protecting information and disclosing information and how you can do it and with whom and for what purposes

Question 45

California SB-1 Fines

Answer 45

low end $2500 up to $500,000 egregious offender: no cap

Question 46

California SB-1 defined

Answer 46

California Financial Information Privacy Act (SB-1)

Question 47

About California SB-1

Answer 47

- Expands GLBA - Increases disclosure requirements - Grants consumers right to opt out of information sharing

Question 48

Dodd-Frank and Consumer Protection background?

Answer 48

in response to financial crisis of 2008, congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act. Signed into law June 2010

Question 49

Dodd-Frank and Consumer Protection What law did it create?

Answer 49

The act created the new Consumer Financial Protection Bureau (CFPB) as an independent bureau within the Federal Reserve that oversees the relationship between consumers and financial product and services providers.

Question 50

CFPB provisions?

Answer 50

- rule-making authority | - enforcement

Question 51

CFPB Rule-making authority

Answer 51

- FCRA and GLBA | - Specific laws related to financial privacy and consumer issues

Question 52

CFPB Enforcement

Answer 52

- conducts investigations - issues subpoenas - holds hearings and commences civil actions against offenders

Question 53

Online Banking Security Measures

Answer 53

- Operating systems - Internet browser - firewalls, antivirus, and anti-malware programs - passwords and encryptions

Question 54

Online Banking Privacy measures

Answer 54

- authentication methods - public wifi dangers - mobile antivirus and malware detection software - mobile privacy policy - opt-out option of mobile ad targeting

Question 55

What are some major components of financial privacy? Select all that apply. A) Confidentiality B) Laws and regulations C) Security D) Anonymity

Answer 55

A, B, and C

Question 56

What does CRA stand for? A) Confirmed right of action B) Credit reform act C) cooperate retail authorities D) Consumer reporting agencies

Answer 56

D) Consumer reporting agencies

Question 57

Which is a provision of the Fair Credit Reporting Act (FCRA)? Select all that apply. A) Use of consumer reports is limited to three instances per six months B) Use of consumer reports is limited to "permissible purposes" C) Consumers have the ability to access and correct their information D) Consumers may request annual updates and alerts

Answer 57

B and C

Question 58

True or False? The Fair Credit Reporting Act (FCRA) amended the Fair and Accurate Credit Transactions Act (FACTA)

Answer 58

False

Question 59

True or false? The FACTA Disposal Rule requires any entity that uses a consumer report for a business purpose to dispose of it in a way that prevents unauthorized access and misuse of the data.

Answer 59

True

Question 60

Which act regulates financial institutions and their management of nonpublic personal information? A) Fair Credit Reporting Act (FCRA) B) Fair and Accurate Credit Transactions Act (FACTA) C) Gramm-Leach-Bliley Act (GLBA) D) Dodd-Frank Wall Street Reform and Consumer Protection Act

Answer 60

D

Question 61

Under the GLBA Privacy Rule, what must a privacy notice include? Select all that apply. A) What is collected B) With whom information is being shared C) How information will be safeguarded D) How consumers can opt out

Answer 61

All of the above

Question 62

Which authority was created by the Dodd-Frank Wall Street Reform and Consumer Protection Act? A) Bureau of the Fiscal Service (Fiscal Service) B) Consumer Financial Protection Bureau (CFPB) C)Bureau of Consular Affairs (CA) D)Federal Financing Bank (FFB)

Answer 62

A