Presentation is loading. Please wait.

Presentation is loading. Please wait.

Current Privacy Issues That May Affect Your Credit Union

Published byAlaina Walker Modified over 6 years ago

Similar presentations

Presentation on theme: "Current Privacy Issues That May Affect Your Credit Union"— Presentation transcript:

1 Current Privacy Issues That May Affect Your Credit Union
Presented By: Christopher J. Pippett, Esquire Ashley L. Beach, Esquire Pennsylvania Credit Union Association Webinar July 13, 2016

2 Privacy Basics 12 C.F.R. Part 716 adopted by the National Credit Union Administration (“NCUA”) in May 2000 to implement the Gramm-Leach-Bliley Act (the “GBLA”). Notice of privacy policies and “opt-out” of the disclosure of consumer’s nonpublic personal information (“NPI”). This requirement exists whether or not a credit union shares nonpublic personal information. Annual notice may now be online. Follow redisclosure limitations on NPI from nonaffiliated financial institution.

3 NPI Any information not publically available that:
A consumer provides to a credit union to obtain a financial product or service; Results from a transaction between the consumer and the credit union; A credit union otherwise obtains about a consumer in connection with providing a financial product or service.

4 NPI Phone numbers, addresses, social security numbers, income, credit score, cookies collected by internet collection devices, addresses New technology means new NPI Lists Even information that is publically available might be NPI if it is part of a list that associates that information with NPI – ex. The fact that a consumer is a member of a credit union. Be aware of lists compiled and maintained electronically.

5 Non-Affiliated Third Party
Any person except a credit union’s affiliate or a person employed jointly by a credit union and a non-affiliate. “Affiliate” – a company that controls, is controlled by, or is under common control with the credit union. Example: credit union service organization that is 67 percent owned by the credit union.

6 Opt Out Right Reasonable opportunity Reasonable means Circumstantial
NCUA example is 30 days Reasonable means Check-off boxes Reply form Toll free telephone number Writing a letter is not reasonable

7 Exceptions to Opt Out Requirement
Credit unions do not need to comply with the opt out if they limit disclosure of NPI: To nonaffiliated third parties who are performing services for the credit union including marketing. Must provide notice to consumers Contract must specify joint service Additional exceptions may apply As necessary to effect, administer, or enforce a transaction requested by a consumer. Specified disclosures to protect against fraud, to attorneys, auditors, or other legal requirements.

8 Notice Basics Member v. consumer Initial notices Annual notices (covered by recent update) Clear and conspicuous Delivery rules

9 Consumer v. Member Consumer – individual who obtained a financial product from the credit union for personal, family, or household purposes. Member – has a continuing relationship with a credit union under which the credit union provides one or more financial products for personal, family, or household purposes.

10 Notice Content Categories of information collected
Categories of information disclosed Categories of affiliates and non-affiliates Policies on former member NPI Information disclosed to service providers Explanation and opt out method Opt out notices under Fair Credit Reporting Act Policies for protecting information and the security of information Statement of disclosures to non-affiliated parties

11 Annual Notice “FAST” Act amends GLBA
NCUA issues new guidelines limiting annual notice requirements No new privacy notice if: No change to policies and practices since last notice NPI only shared in accordance with existing GLBA exceptions

12 Applicable Exceptions
Performing services for, or functions on behalf of, the credit union, pursuant to a joint marketing agreement; Administering, servicing, or processing a transaction a consumer requests or authorizes; maintaining or servicing certain consumer accounts; or performing securitizations, secondary market sales, or similar transactions; or Other specified operational and legal purposes, including disclosure with the consumer’s consent or at the consumer’s direction and disclosure to protect the confidentiality and security of records related to the consumer, service, product, or transaction.

13 Internal Controls Identify and continue to update information sharing practices. Review and update information sharing agreements. Ensure complaint logs and telemarketing scripts. Categorize types of NPI collected by the credit union. Review consumer complaints relating to NPI.

14 Responding to Inquiries
Preparation Considerations Other Requests(proper and improper) Internal Controls - Employee Handling of Information

15 Responding to Inquiries (Cont’d.)
Location of documents Key personnel Litigation hold letter Policies for document retention and maintenance

16 Responding to Inquires (Cont’d.)
Identify the source Proper v. Improper Contact counsel Consider the target Potential conflicts Consider whether NPI is implicated Not all inquiries are exceptions under GLBA

17 Vendor Issues - Due Diligence
Background check experience Business model Consider new technologies

18 Vendor Issues – Due Diligence Con’t
Contract Review: Scope – is NPI implicated? Compliance with regulatory requirements Testing of data security programs Audits of data security programs

19 Vendor Issues - Insurance
Does the arrangement create additional liabilities? Does the vendor carry insurance that will cover the credit union? Does the credit union have sufficient coverage? Does the vendor have sufficient coverage?

20 Vendor Issues – Policies
Establishing requirements for all vendors with respect to privacy issues. Monitoring vendors throughout the relationship. Reviewing internal technology – is it sufficiently advanced to monitor vendor technology? Designating key employees.

21 Christopher J. Pippett, Esquire 610-458-6703 cpippett@foxrothschild
Christopher J. Pippett, Esquire Ashley L. Beach, Esquire

Download ppt "Current Privacy Issues That May Affect Your Credit Union"

Similar presentations

FERPA - Sharing Student Information

FERPA - Sharing Student Information
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
© 2004 Property Casualty Insurers Association of America The Alphabet of Federal Legislation Kathleen Jensen Property and Casualty Insurers Association.

© 2004 Property Casualty Insurers Association of America The Alphabet of Federal Legislation Kathleen Jensen Property and Casualty Insurers Association.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.
Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.

Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.
2015 ANNUAL TRAINING By: Denise Goff

2015 ANNUAL TRAINING By: Denise Goff
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.

Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Confidentiality and Public Information Act LISD Special Education Department Training SY 2012-2013.

Confidentiality and Public Information Act LISD Special Education Department Training SY

Similar presentations

Ads by Google