GLBA Reg P
Which of the following are considered reasonable means of opting out: a) Requiring the customer to write a letter to the bank's chief executive officer (CEO) b) An electronic means if consumer has agreed c) A verbal conversation with banker d) A detachable form on the privacy notice e) A toll-free number
B, D, E
What are the three main exceptions for information sharing with non-affiliates that does not require the bank to provide an opt out?
1) Process and service transactions 2) Comply with legal requirements 3) Perform services or market jointly
Customers only have the specified timeframe to opt upon receiving the notice to opt out.
False- Banks must give the customer a reasonable time to opt out BEFORE sharing information. The customer can opt out at any time
GLBA applies to nonpublic information about business entities.
False- GLBA applies to nonpublic personal information about individuals but not to information about business entities
How does GLBA affect information sharing with affiliates?
GLBA does not affect a bank's ability to share info with affiliates-however the FCRA requires banks to inform the consumers of the sharing and to allow them to opt out of sharing for marketing purposes
Connie Lin has personal and business accounts with Metro Bank. Which of Connie's information does the Gramm-Leach-Bliley Act (GLBA) protect? A. Her nonpublic personal information associated with her personal accounts B. Her business information associated with her business accounts C. Her publicly available information associated with her personal accounts D. Her publicly available information associated with her business accounts
A
The Gramm-Leach-Bliley Act (GLBA) restricts how banks can share their customers' nonpublic personal information with a nonaffiliated third party. Which statement is true about nonaffiliated third parties? A. A nonaffiliated third party is any person or entity other than the bank, the bank's employees, or a bank affiliate B. A nonaffiliated third party refers to the bank, the bank's employees, or a bank affiliate C. A nonaffiliated third party is any person or entity other than the bank D. A nonaffiliated third party is a bank's wealth management affiliate
A
When is it acceptable for a bank to delay providing a privacy notice after establishing a new customer relationship? A. When providing the notice would delay the transaction (for example, an account opened over the phone), and the customer agrees to receive the notice later B. When the account is opened at a branch, and the branch is temporarily out of the notices (as long as the bank mails the notice within 30 days) C. When the account is opened at a branch, and the bank associate verbally describes the bank's information-sharing practices D. When the account is opened online, and the customer chooses paperless delivery for statements and notices
A
Shannon Jackson is a customer of National Trust Bank. Which statement describes the three reasons that National Trust Bank may share Shannon's information without giving her the right to opt out? A. To process and service transactions; to comply with certain legal requirements; to validate the bank's market share in its geographic region B. To process and service transactions; to comply with certain legal requirements; to perform services for the bank or jointly market financial products and services C. To comply with certain legal requirements; to perform services for the bank or jointly market financial products and services; to generate revenue by selling customer leads to a nonaffiliated third party D. To comply with certain legal requirements; to perform services for the bank or jointly market financial products and services; to share information with credit-repair organizations
B
Describe the "comply with legal requirements" notice of opt out exception
Banks may disclose information when required to perform certain actions: • Protect the confidentiality or security of customer records • Prevent actual or potential fraud or unauthorized transactions • Resolve consumer disputes or inquiries • Report to the Internal Revenue Service (IRS) interest paid or earned • Respond to a subpoena or court order • Report suspicious activity to government agencies such as the Financial Crimes Enforcement Network (FinCEN)
Describe the "perform services or market jointly" notice of opt out exception
Banks may share information with outside companies that perform services for the bank, including marketing the bank's financial products or services or those offered jointly by the bank and another financial institution. Banks must explain these arrangements and, by contract, prohibit the third party from disclosing or using the information for anything other than the specified purposes. Consumers have no right to opt out. However, banks must notify customers that they will share their information.
Describe the "process and service transactions" notice of opt out exception
Banks may share personal information with outside companies that provide essential services to the bank such as processing transactions or ordering checks.
What are the two conditions needed for banks to share nonpublic personal information with non-affiliates?
Banks must provide a notice of the right to opt out and give the customer a reasonable amount of time to opt out (generally 30 days)
Gil Esparza recently opened his first checking account and received a privacy notice from his bank. Assuming Gil's bank shares information with nonaffiliated third parties, at what other times should Gil expect to receive this notice? A. In each periodic statement he receives for his checking account B. Quarterly, in a special mailing sent to his statement address C. Quarterly and when the bank's information-sharing practices change D. Annually, upon request, and when the bank's information-sharing practices change
D
Troy Kemp tells one of his bank customers, "By using outside vendors, which operate under strict confidentiality agreements, we can keep costs down by outsourcing functions such as check printing, credit card processing, or marketing of the bank's own products and services." Which benefit of information sharing did Troy describe? A. Fraud detection B. Tailored products and services C. Innovation D. Efficiency
D
Which statement is true when a bank operates in a state where state laws are more protective than the Gramm-Leach-Bliley Act (GLBA)? A. The bank must require customers living in that state to agree to GLBA's less-stringent protections in order to have an account B. The bank may choose to comply with the more protective state laws but is not required to do so C. The bank needs to comply with GLBA, not the state privacy laws, since GLBA is a federal law D. The bank must know about the more protective state laws to determine whether it must take any additional steps
D
Posting its privacy notice on a bank's website meets the requirement to provide the notice to customers.
False
National Bank may share customer Sonia Carpenter's information with the vendor that administers its rewards program. What is required of National Bank when doing so?
National Bank does have to inform Sonia but does not have to give her the right to opt out
If a customer agrees to receive the privacy notice electronically, do banks have to prove demonstrable consent in accordance with E-SIGN consent requirements?
No
Can the bank provide one opt out notice to joint account holders?
Yes
Which of the following is not a requirement of GLBA's Title V and Regulation P? A. Establish a privacy policy B. Establish a social media policy C. Give customers and other consumers the right to prohibit information sharing in certain circumstances D. Provide written notices of the bank's privacy practices
B
To avoid having to send an annual privacy notice, which two conditions must a bank meet? A. The bank has no affiliates B. The bank has not changed its privacy notice since it last sent its privacy notice C. The bank is adding a new affiliate but does not plan to share any information with that affiliate D. The bank only shares information under one of the existing statutory or regulatory exceptions
B and D
Dev Aziz would like to opt out of his bank's information-sharing practices. Which item is an example of the "reasonable means" his bank must provide for him to do this? A. A sign posted in the bank branch's lobby referring customers to a bank associate B. A paper form included in the periodic statement for a checking account C. A detachable form on the privacy notice with mailing information D. A requirement that the customer write a letter to the bank's chief executive officer (CEO)
C
First State Bank wants to be sure it provides its initial privacy notices to customers according to the Gramm-Leach-Bliley Act's (GLBA's) requirements. What is/are the acceptable way(s) First State Bank can provide this notice? A. By voice mail left at the customer's preferred phone number B. By posting the privacy notice on the bank's website C. By mail or in person, in a form the customer can keep, or electronically if the customer agrees D. By a verbal description from the associate who opened the account
C
How does a bank determine which consumers are considered its customers for the purposes of the Gramm-Leach-Bliley Act (GLBA)? A. A ''customer'' is a consumer who has been to a bank branch at least twice in the past 2 years B. A ''customer'' is a consumer who has initiated any type of transaction with the bank C. A ''customer'' is a consumer with a continuing relationship with the bank D. A ''customer'' is a consumer who has had a relationship with the bank for more than a year
C
South Mountain Bank is reviewing the privacy notice it sends to its customers describing the conditions under which it may disclose their nonpublic personal information to nonaffiliated third parties. Which information is the bank required to include in this disclosure? A. The full list of federal laws that protect consumer privacy B. The bank's mission statement, which should include a commitment to protecting customer privacy C. The categories of nonpublic personal information the bank collects and shares D. The list of customers who have opted out of information sharing
C
