The GLB ACT - The Gramm-Leach-Bliley Act (Regulation P)

¡Supera tus tareas y exámenes ahora con Quizwiz!

The Gramm-Leach-Bliley Act

Enacted to protect the privacy of consumer personal information.

NPI includes information such as

Name, SSN, or other information on a loan application.

Privacy notices must be delivered in writing by

mail, in person, or by posting on the institution's website, unless the consumer consents to electronic delivery; posting a privacy notice at an office does not satisfy the delivery requirements

A consumer who does not want to receive phone calls from telemarketers,

may submit his or her number to the national registry

If a consume requests that his or her number be placed on a company-specific list,

the company has 30 days in which to do so

PRIVACY NOTICE A privacy notice is a

"clear and conspicuous" written notice describing a financial institution's privacy policies and practices.

NPI also includes any information derived from the loan process, such as:

- Account Numbers, Payment history, loan balances, deposit balances, or credit card purchases - A credit report

In addition to the initial notice, customers must receive

an annual privacy notice as long as they are customers; the GLB Act provides that this may be delivered electronically via a webpage, provided that the institution complies with all requirements and restrictions for doing so

Consumer

an individual who has obtained an isolated financial product or service from a financial institution for personal, family, or household reasons, but does not have an ongoing relationship with the institution.

A financial institution must provide

and customers with an opportunity to "opt out" of information sharing with non-affiliates (i.e., direct the institution to refrain from sharing NPI) and instruction on how to do so. A company's policy should include a convenient method to opt out and a reasonable time to opt out before information is shared.

The Telemarketing Sales Rule (Do-Not-Call) Rule

authorized the creation of the Do-Not-Call Registry and establishment of do-not-call restrictions under the telemarketing sales rule.

Customer

a consumer with whom the institution has a continuing relationship.

Even if a consumer's phone number is on the Registry,

a seller or telemarketer may market them via the telephone with the clear, conspicuous written consent of the consumer

Companies must maintain

specific do-not-call lists.

A company may contact someone on the registry if

it has an established business relationship with the consumer

A phone number remains on the Registry until

it is removed or its service is discontinued

Safeguards Rule Security Plan Requirements The Safeguards Rule puts in place the document security requirements relating to NPI, as set forth in the GLB Act. Under the Rule, a financial institution must:

- Designate one or more employees to oversee the information security program - Identify and assess the risks to customer information in each relevant area of the company's operation and evaluate the effectiveness of the current safeguard program and regularly monitor and test it - Design and implement a safeguard program and regularly monitor and test it - Select appropriate service providers and require them to safeguard consumers' personal information - Evaluate and regularly update the program based on changing factors, including changes in the firm's business arrangements or operations or as a result of its monitoring of the program

The Rule covers telemarketers and third-party sellers. Exemptions from the requirements of the Rule include the following:

- Political calls, such as those from or on behalf of candidates running for political office - Charities calling on their own behalf to solicit charitable contributions - Calls to persons with whom a seller or telemarketer has an established business relationship - Calls to persons who have provided prior written consent for receipt of telemarketing calls - "Prior written consent" may include providing an electronic signature on the website of a seller or telemarketer

All customers must

be provided with a privacy notice that clearly discloses the institution's practices for sharing NPI with affiliates and with third parties and specifies what information will be shared and with whom; this notice is due at the time a customer relationship is established

A company that violates the telemarketing sales rule may be fined up to $42,530 per violation, and

each phone call is treated as a separate violation.

PRIVACY NOTICE REQUIREMENTS A privacy notice must include

- Categories of NPI collected and disclosed - Categories of affiliates and non-affiliated third parties to which the information is disclosed - Categories of information about former customers disclosed and to whom under the joint marketing/service provider exception (with the customer's permission) - If NPI is disclosed to non-affiliated third parties, the categories of information disclosed and the categories of third parties to which such information is disclosed - An explanation of the consumer's right to opt out of the disclosure of NPI to non-affiliated third parties - Disclosures required by the Fair Credit Reporting Act - The policies and practices used to protect the confidentiality and security of NPI

An established business relationship is a realtionship between a company and consumer in which the consumer:

- Purchased, rented, or leased goods and/or services from the seller or participated in a financial transaction with the seller within the 18 months preceding a telemarketing call, or - made an inquiry into the business of the seller within three months preceding a telemarketing call

Entities covered under the do-not-call rules may not call a phone number that is listed on the Registry. Companies are required to update their call lists by reviewing the Registry

every 31 days

All Consumers must receive a privacy notice if the institution intends to share the consumer's NPI with non-affiliated third parties, but

if the institution does not intend to share the information with non-affiliated entities, a privacy notice to consumers is not required.

Personally-Identifiable Financial Information

information provided to a financial institution by a consumer in connection with a credit transaction, or information secured by the financial institution in connection with such a transaction.

NONPUBLIC PERSONAL INFORMATION Nonpublic Personal Information:

is any personally-identifiable financial information that a financial institution obtains in connection with providing a financial product or service, unless that information is otherwise publicly available.

Enforcement of provisions of the GLB Act

is through the Consumer Financial Protection Bureau


Conjuntos de estudio relacionados

علوم - الحركة والزخم + القوة وقوانين نيوتن

View Set

Chapter 20 Nursing Management Pregnancy at Risk: Health Conditions & Vulnerable Populations

View Set

HIS 102 Western Civ Kevin Windham Exam One

View Set

Leadership and Personal Development Final Exam

View Set

N201 OB: Pregnancy, Labor, Childbirth, Postpartum- Uncomplicated

View Set

Integumentary System Adaptive Quizzing

View Set

PN Learning Fundamentals Practice Quiz 2

View Set

ТЕРМИНЫ, ОБОЗНАЧЕНИЯ, СОКРАЩЕНИЯ, ОПРЕДЕЛЕНИЯ

View Set