01/02/2007
Our e-newsletter program is brand new to us. If we provide a link to an external site that is not co-branded with our bank, are we required to have a speed bump? If so, what is the bare minimum we need to say? The reason I am asking is that we have a speed bump in place on our web site and it is quite lengthy. In this instance, if I were to add the speed bump, it actually has more content in it than our e-newsletter. I do receive e-newsletters from other banks and they do not have speed bumps. Since this area is new to us, I want to have policies in effect as we go forward.
10/23/2006
Besides the annual privacy disclosure, are there any other disclosures required to be provided to customers annually?
10/09/2006
What are the bank policies that need board approval and how frequently?
10/02/2006
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
09/11/2006
We're being requested by the US Treasury to handle, over the telephone, amongst other things: non-receipt of ACH credit claims, request for account ownership info, and others that they want to give to us. We do not have to resolve the actual issue real-time over the phone but at a minimum, take in their claim/request. They're referring to the Social Security Act (Section 1441, Title 26, Title II the Railroad Retirement Act of 1974 and the Right to Financial Privacy Act (12 U.S.C. 3413 (K)) and saying that we're required to comply. Are you familiar with this and what are we required to do?
08/14/2006
I work for a federal agency that sends literally millions of deposits directly to bank accounts each month. Our policy states that in the event a beneficiary does not receive a direct deposit in his/her account, we must verify with the bank that the deposit was not received. With the financial privacy act in mind, can banks verify whether or not a deposit has been received if the depositor knows the owner of the account, the account number, the SSN of the account holder, the amount of deposit and the date it was deposited?
08/14/2006
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
06/19/2006
We would like information on whether a bank is required to contact regulators and customers when an employee has e-mailed some non-public information of our customers to an employee at another financial institution. The purpose was to get copies of forms, but some information such as loan numbers, loan amounts, and names of customers were on the copies of the documents. Since this information was passed between financial institutions, and all efforts will be taken to inform the other financial institution that this information was passed and must be held confidential or destroyed, does this create the notice requirement for privacy of a breach?
05/01/2006
Under our CIP Policy, a credit card may be accepted as a second form of ID. The new account reps have been making a photocopy of the credit card for the customer file, which is later scanned for retention. Is there a specific prohibition on obtaining a photocopy of an applicant's credit card and retaining the copy for CIP purposes? Could this be a privacy issue?
04/03/2006
We are thinking about monitoring customer accounts for activity and notifying them when it is unusual. How can Marketing help put a positive spin on this instead of a privacy woe?