10/04/2004
Is it true that a financial institution's overall data liability, particularly with respect to Gramm-Leach-Bliley, extends to the actual hardware they dispose of? Some banks seem to take this very seriously and are willing to spend money to secure their retired assets and ensure that customer is permanently erased. But other firms seem more interested in getting money for their old systems than protecting themselves from data liability issues. I have heard situations where laptops bought on Ebay were found to contain customer data. Could a firm or its officers be prosecuted for allowing such security lapses to take place?
08/02/2004
Are there any regulations which require employee background checks and bonding? If so, what are the requirements? If there are no requirements, are there any "best practices" for smaller community banks?
07/01/2004
The proposal for the protection and destruction of information obtained from consumer reports is out. In some respects, there isn't much new or particularly burdensome about the proposal.
06/21/2004
What law or regulation addresses a bank employee giving out information on banking information to an outside party that has no tie to the account?
02/16/2004
Recently, I called another bank to see if a check that my customer had would clear on the account drawn at their bank. They told me that due to privacy laws they could not give me that information. All I needed was to give them the amount of the check and for them to say yes or no on whether or not it would clear. Does the new privacy law really prevent from a bank from being able to call to see if a check will clear?
12/15/2003
Is annual training on Privacy/Reg P required?
12/15/2003
Our bank shares nonpublic personal information with an unaffiliated third party with whom we have a joint marketing arrangement for marketing credit card accounts. Under the agreement we are required to provide them in an electronic format the names, addresses, telephone numbers and social security numbers of our existing customers for the purpose of allowing them to solicit our customer for credit card accounts. Are we allowed to disclose telephone numbers and particularly social security numbers without providing our customers the opportunity to opt out? Our initial and annual disclosures do contain the required verbiage that we may disclose all of the information we collect to companies that perform marketing services on our behalf or with whom we have joint marketing agreements?
10/20/2003
What recourse does a customer have when a bank employee gives out a SS# and loan information without the customer's permission?
10/06/2003
We face new challenges everyday with respect to viruses, ongoing software patches and updates as well new technologies to integrate within our bank. All of these put a strain on our IT resources. How do other banks justify staffing requirements and handle peak demand times?
09/01/2003
Commonly cited violations have long been a source of important information for the design and management of compliance programs.