
Current Privacy Issues That May Affect Your Credit Union

Current Privacy Issues That May Affect Your Credit Union. Presented By: Christopher J. Pippett, Esquire Ashley L. Beach, Esquire Pennsylvania Credit Union Association Webinar July 13, 2016. Privacy Basics.


Presentation Transcript


  1. Current Privacy Issues That May Affect Your Credit Union Presented By: Christopher J. Pippett, Esquire Ashley L. Beach, Esquire Pennsylvania Credit Union Association Webinar July 13, 2016

  2. Privacy Basics • 12 C.F.R. Part 716 adopted by the National Credit Union Administration (“NCUA”) in May 2000 to implement the Gramm-Leach-Bliley Act (the “GLBA”). • Notice of privacy policies and “opt-out” of the disclosure of consumer’s nonpublic personal information (“NPI”). • This requirement exists whether or not a credit union shares nonpublic personal information. • Annual notice may now be online. • Follow redisclosure limitations on NPI from nonaffiliated financial institution.

  3. NPI • Any information not publicly available that: • A consumer provides to a credit union to obtain a financial product or service; • Results from a transaction between the consumer and the credit union; • A credit union otherwise obtains about a consumer in connection with providing a financial product or service.

  4. NPI • Phone numbers, addresses, social security numbers, income, credit score, cookies collected by internet collection devices, email addresses • New technology means new NPI • Lists • Even information that is publicly available might be NPI if it is part of a list that associates that information with NPI – e.g., the fact that a consumer is a member of a credit union. • Be aware of lists compiled and maintained electronically.

  5. Non-Affiliated Third Party • Any person except a credit union’s affiliate or a person employed jointly by a credit union and a non-affiliate. • “Affiliate” – a company that controls, is controlled by, or is under common control with the credit union. • Example: credit union service organization that is 67 percent owned by the credit union.

  6. Opt Out Right • Reasonable opportunity • Circumstantial • NCUA example is 30 days • Reasonable means • Check-off boxes • Reply form • Toll free telephone number • Writing a letter is not reasonable

  7. Exceptions to Opt Out Requirement • Credit unions do not need to comply with the opt out if they limit disclosure of NPI: • To nonaffiliated third parties who are performing services for the credit union including marketing. • Must provide notice to consumers • Contract must specify joint service • Additional exceptions may apply • As necessary to effect, administer, or enforce a transaction requested by a consumer. • Specified disclosures to protect against fraud, to attorneys, auditors, or other legal requirements.

  8. Notice Basics • Member v. consumer • Initial notices • Annual notices (covered by recent update) • Clear and conspicuous • Delivery rules

  9. Consumer v. Member • Consumer – individual who obtained a financial product from the credit union for personal, family, or household purposes. • Member – has a continuing relationship with a credit union under which the credit union provides one or more financial products for personal, family, or household purposes.

  10. Notice Content • Categories of information collected • Categories of information disclosed • Categories of affiliates and non-affiliates • Policies on former member NPI • Information disclosed to service providers • Explanation and opt out method • Opt out notices under Fair Credit Reporting Act • Policies for protecting information and the security of information • Statement of disclosures to non-affiliated parties

  11. Annual Notice • “FAST” Act amends GLBA • NCUA issues new guidelines limiting annual notice requirements • No new privacy notice if: • No change to policies and practices since last notice • NPI only shared in accordance with existing GLBA exceptions

  12. Applicable Exceptions • Performing services for, or functions on behalf of, the credit union, pursuant to a joint marketing agreement; • Administering, servicing, or processing a transaction a consumer requests or authorizes; maintaining or servicing certain consumer accounts; or performing securitizations, secondary market sales, or similar transactions; or • Other specified operational and legal purposes, including disclosure with the consumer’s consent or at the consumer’s direction and disclosure to protect the confidentiality and security of records related to the consumer, service, product, or transaction.

  13. Internal Controls • Identify and continue to update information sharing practices. • Review and update information sharing agreements. • Ensure complaint logs and telemarketing scripts. • Categorize types of NPI collected by the credit union. • Review consumer complaints relating to NPI.

  14. Responding to Inquiries • Preparation • Considerations • Other Requests (proper and improper) • Internal Controls - Employee Handling of Information

  15. Responding to Inquiries (Cont’d.) • Location of documents • Key personnel • Litigation hold letter • Policies for document retention and maintenance

  16. Responding to Inquiries (Cont’d.) • Identify the source • Proper v. Improper • Contact counsel • Consider the target • Potential conflicts • Consider whether NPI is implicated • Not all inquiries are exceptions under GLBA

  17. Vendor Issues - Due Diligence • Background check • Experience • Business model • Consider new technologies

  18. Vendor Issues – Due Diligence (Cont’d.) • Contract Review: • Scope – is NPI implicated? • Compliance with regulatory requirements • Testing of data security programs • Audits of data security programs

  19. Vendor Issues - Insurance • Insurance • Does the arrangement create additional liabilities? • Does the vendor carry insurance that will cover the credit union? • Does the credit union have sufficient coverage? • Does the vendor have sufficient coverage?

  20. Vendor Issues – Policies • Establishing requirements for all vendors with respect to privacy issues. • Monitoring vendors throughout the relationship. • Reviewing internal technology – is it sufficiently advanced to monitor vendor technology? • Designating key employees.

  21. Christopher J. Pippett, Esquire 610-458-6703 cpippett@foxrothschild.com • Ashley L. Beach, Esquire 610-458-6703 abeach@foxrothschild.com
