GLB Privacy
A(n) _________________ is any entity that is owned by your institution or by the company that owns your institution.
Affiliate
Potential violations for failure to comply with the GLB Privacy Rule include failure to provide:
All of the above
Your institution's information security program must include policies that:
All of the above
Which is considered a nonaffiliated third party?
Another local institution, with no ownership in common with your institution
Broadly defined, personally identifiable financial information is:
Any information, financial or otherwise, that your institution has about its customers
Annual Privacy Notices must be sent to every:
Customer
A customer requests that his or her information is never shared under any circumstances. You should:
Explain there are exceptions to the Privacy Rule that allow sharing in certain situations
Your institution may change its privacy policy at any time without notifying its customers.
False
All of the following are examples of nonpublic personal information EXCEPT:
Information about a customer that is retrieved from a public record
If an institution does not share information for a particular type of isolated transaction (e.g., an ATM withdrawal), it must provide:
It need not provide any notice
John's only relationship with ABC Bank is a three-year car loan. For how long after that loan is paid off should ABC Bank continue to send an Annual Privacy Notice to John?
None of the above
All of the following are considered isolated transactions under the Privacy Rule EXCEPT:
Opening a checking account
All of the following are examples of personally identifiable financial information EXCEPT:
The name and address of an individual taken from a phone book
Failure to provide customers with information about their right to opt out of information sharing at the time an ongoing customer relationship is established is a violation of the Privacy Rule if the institution shares customer information that does not fall under one of the Rule's exceptions.
True
If an institution does not share information from loan applications, it is not required to provide privacy notices to applicants.
True
John, a customer of Atlantis Bank, performs his banking online and has elected to receive his bank notices electronically. Atlantis Bank may provide his privacy notice electronically.
True
Under the GLB Privacy Rule, your institution may share nonpublic personal information with its affiliates.
True
Under the Privacy Rule, every customer must be given a privacy notice regardless of whether the information is shared.
True
When applying for a loan, a consumer includes medical history information on the loan application. The medical history is now considered personally identifiable financial information.
True
A business customer of your institution discovers there are insufficient funds for another customer at your institution and requests the phone number of that customer. You are allowed to give this information, as it is:
You are not permitted to give out this information to a customer
