Gramm-Leach-Bliley Act


Children's Online Privacy Protection Act

- Verifiable parental consent is required before collecting personal info on a child under the age of 13
- Applies to sites and apps

Resellers Must

- Verify the ID and purpose of the user
- Disclose to the original CRA each end-user and permissible purpose
- Know exactly who you are doing business with

What is a Financial Institution according to the GLBA?

Any company that is in the business of engaging in certain financial activities identified under federal law, including:
- Extending credit
- Taking deposits
- Providing insurance

Most Common Financial Institutions

Banks, Credit Unions, Securities Brokers and Insurance Companies

Consumers

Broad Term

Reuse and Redisclosure

Can get info to protect against fraud, but can't (expand on this)

COPPA

Children's Online Privacy Protection Act

What is the CFPB?

Consumer Financial Protection Bureau

GLBA applies to these "significantly engaged" non-bank institutions:

Consumer Reporting Agencies, Resellers, Debt Collectors, Mortgage Brokers and others that provide financial services. Only if significantly engaged.

CRA

Credit Reporting Agency

DPPA covers

DMVs may not disclose data

DPPA

Driver's Privacy Protection Act

Which Federal regulator is responsible for information security regulation?

FTC - Federal Trade Commission - Info Security

The Safeguards Rule

The FTC issued the Safeguards Rule to implement the GLBA information security requirements.

GLBA

Gramm-Leach-Bliley Act

HIPAA

Health Insurance Portability and Accountability Act

GLBA Exceptions

If the disclosure is necessary to:
- effect, administer or enforce a transaction the consumer requests;
- in connection with servicing or processing a financial product or service that the consumer requests;
- maintain or service the consumer's account;
- with the consent or a discretion of the consumer;
- protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liability;
- to or from a consumer reporting agency in accordance with the requirements of the Fair Credit Reporting Act.

NPI

Non-public Personal Information

Purposes of the GLBA

Respect the privacy of customers, and protect the security and confidentiality of information about those customers.

Primary Focus of the GLBA

The GLBA's purpose was to remove legal barriers preventing financial institutions from providing banking, investment and insurance services together.

Information Security Program

- Ensure the security and confidentiality of customer info
- Protect against any anticipated threats or hazards to the security or integrity of customer info
- Protect against unauthorized access to, or use of, such info that could result in harm or inconvenience

How did GLBA change the financial industry landscape?

Led to consolidation of different types of financial institutions into single holding companies.

Credentialing

The process of making sure that reports provided are used for permissible purposes only. The CRA will conduct an investigation of customers and prospective customers:
- site visit
- regular audits of the customer's account usage

Customer

A specific type of consumer who has an existing customer relationship with a financial institution. Ex: an individual with an automobile installment loan currently provided by a bank.

How are GLBA rules implemented?

Different federal agencies write and implement the rules for different sectors.

What are the two types of Financial Institutions?

1. Providers of financial products and services to consumers (B2C)
2. Providers of financial products and services to other companies (B2B)

PIFI

Personally Identifiable Financial Information

PHI

Protected Health Information

CFIPA

California Financial Information Privacy Act

FCRA

Fair Credit Reporting Act

What is the FTC?

Federal Trade Commission

Which Federal Regulator is responsible for the privacy regulation?

CFPB - Consumer Financial Protection Bureau - Privacy

What types of info are NPI?

1. Any info that a consumer provides to a financial institution to obtain a financial product or service
2. Any info about a consumer resulting from a transaction involving a financial product or service between the institution and the consumer (for example, a credit balance)
3. Any info a financial institution obtains about a consumer in connection with providing a financial product or service to that consumer (like a credit card app)
4. Any list, description or grouping of consumers derived using these types of information

Data Security Laws & Rules

Intended to protect against unintended disclosure of PII (Personally Identifiable Information).

Information Security Program must...

- Designate an employee to coordinate the program
- ID internal and external risks to customer info and assess the sufficiency of safeguards in place to control these risks
-

Non-traditional financial institutions?

Consumer Reporting Agencies & Debt Collectors

GLBA Rights and Duties

1. Right to opt-out
2. Initial and annual privacy notices
3. Limits on disclosure to nonaffiliated third parties; limits on redisclosure and reuse
4. Safeguarding customer information

Annual Notices

- Types of NPI that the FI collects and discloses
- Types of affiliated and non-affiliated third parties to whom the FI discloses NPI
- Explanation of the opt-out of disclosure of NPI to non-affiliated 3rd parties
- Description of how info is provided to 3rd parties
