Web Page Policy
A presence on the Internet raises special privacy concerns. Information security can be breached from several directions. There is the customer, who should have access to their own account information - and no-one else's. There is the bank staff, who should not be logging in to account information without proper authorization and an appropriate purpose. And then, there are hackers.
Procedures for web page privacy should take all of these issues into account. Customer use, internal procedures, and Internet or online security are separate issues. Your web page privacy policy should:
- include controls to guard against unauthorized access to networks, systems, and databases;
- protect customers during transmissions over public networks;
- create proof that both the sender and the recipient participated in the transaction;
- ensure the integrity and accuracy of your customer account information;
- provide for correcting or updating customer information that is in use; and
- permit customers to review and correct any erroneous or outdated information.
To accomplish this level of security for customer data, OTS recommends that the institution use dual controls whenever feasible.
On websites, the notices should not only be clear and easy to understand; they should also be convenient to access from anywhere in the website. Because of the nature of websites (and the known propensity of mice to scuttle into unintended places), the privacy notices on websites should be situated so that customers must see or read them at critical times - before they are prompted to provide any personal information.
Copyright © 1999 Compliance Action. Originally appeared in Compliance Action, Vol. 4, No. 13 & 14, 11/99