Employees who have accounts are consumers and are covered by all laws as consumers and customers of the bank. A leak of bank customer information is not limited based upon the avenue through which the leak occurred. Reg E prohibits banks from requiring that employees maintain accounts with the employer bank.
Reg E 205.10:
(e) Compulsory use--(1) Credit. No financial institution or other person may condition an extension of credit to a consumer on the consumer's repayment by preauthorized electronic fund transfers, except for credit extended under an overdraft credit plan or extended to maintain a specified minimum balance in the consumer's account. (2) Employment or government benefit. No financial institution or other person may require a consumer to establish an account for receipt of electronic fund transfers with a particular institution as a condition of employment or receipt of a government benefit.
Commentary: 1. Payroll. An employer (including a financial institution) may not require its employees to receive their salary by direct deposit to any particular institution. An employer may require direct deposit of salary by electronic means if employees are allowed to choose the institution that will receive the direct deposit. Alternatively, an employer may give employees the choice of having their salary deposited at a particular institution (designated by the employer) or receiving their salary by another means, such as by check or cash.
First published on BankersOnline.com 11/12/07
GLBA Breach?
Question:
I have a very technical GLBA question. It is my understanding that if all employees of the bank are required to have deposit accounts then they are also considered a customer under GLBA. If there happened to be a breach of employee nonpublic information through the HR department, say the payroll vendor was compromised and all employees' social security numbers were released, would this not be considered a breach under GLBA and notification required to the affected customers (employees) along with notice to our regulators? Is it possible since the breach occurred through HR department and was of employees' nonpublic information that it is not defined as a breach under GLBA?
Answer: