Topic: Privacy
-
If we only share customer information with our affiliates as permitted by the FCRA, will we qualify for the new exception to the annual privacy notice requirement? And when does it go into effect?
—
by
The amendment to the annual privacy notice requirement went into effect on the date of the bill’s signing, December 4, 2015. However, if you are sharing information with affiliates under the Fair Credit Reporting Act (FCRA), we recommend going forward with this year’s annual privacy notice mailing — unless you hear otherwise from your primary…
-
Does the amendment to the annual privacy notice requirement go into effect immediately? Is it possible that Illinois law would prevent us from taking advantage of the amendment’s exception to the annual privacy notice requirement?
—
by
The amendment to the annual privacy notice requirement went into effect on the date of the bill’s signing, December 4, 2015. Because Illinois law does not include an initial or annual privacy notice requirement, it does not conflict with the exception to the annual privacy notice requirement in the federal Gramm-Leach-Bliley Act. For resources related…
-
We understand that the Illinois Banking Act’s privacy provisions apply to both consumer and commercial accounts. Does that mean that we have to send initial and annual privacy notices to all business accounts? We were told that FDIC examiners expect us to send privacy notices to commercial customers.
—
by
No, the Illinois Banking Act does not require you to provide initial or annual privacy notices to your commercial accountholders. As you noted, the Illinois Banking Act’s privacy provisions apply to both consumer and commercial customers. However, the Illinois law’s provisions do not include any initial or annual notice requirements (except in the context of…
-
We are entering into a marketing agreement with a social media website, which will target advertising to our customers (based on a customer list that we will provide). The agreement requires the company to comply with all federal privacy laws. Is that sufficient for Illinois privacy law purposes? Any other possible concerns?
—
by
Yes, that should be sufficient for Illinois privacy law purposes, provided that your agreement with the social media company complies with the federal law’s requirements in Regulation P. As explained in an Illinois Department of Financial and Professional Regulation (IDFPR) letter, the financial privacy requirements in the Illinois Banking Act incorporate all of the exceptions…
-
We qualify for the alternative delivery method for our annual privacy notices. How should we notify CD and loan customers about the availability of the privacy notice, since we do not send those customers periodic statements or coupon books?
—
by
For any customers who do not receive periodic statements or other notices from your institution at least annually, you must provide a full annual privacy notice once per year — you cannot rely on the alternative delivery method for those customers. The alternative delivery method requirements include a requirement to provide a “notice of availability”…
-
Are we required to truncate loan account numbers on loan statements and notices, such as past due notices or right to cure notices, that are sent to the customer?
—
by
No, you are not required to truncate loan account numbers on statements or notices sent to customers. Both Illinois and federal law require truncation of credit card and debit card account numbers on receipts, but we are not aware of any law or rule that would apply this requirement to loan account numbers and other…
-
We are considering an arrangement in which a local business would solicit business in some of our branches, and in return, bank employees will hand out marketing materials promoting our institution at the business. What federal and state regulations should we consider?
—
by
We are not aware of any federal or state laws or rules that would directly apply in this case. However, your arrangement should be structured to comply with Illinois and federal financial privacy laws, and we recommend that your employees be properly trained and aware of the privacy rules with respect to the arrangement. Particularly…
-
When is the new CFPB privacy rule effective?
—
by
The CFPB rule allowing for an alternative delivery method for providing annual privacy notices became effective on October 28, 2014. For resources related to our guidance, please see below: 79 Federal Register 64057, 64060 (October 28, 2014) (CFPB final rule amending the annual privacy notice requirement under the Gramm-Leach-Bliley Act, Regulation P, effective upon…
-
We would like to file a SAR about a customer who is exchanging large amounts of twenty dollar bills for hundred dollar bills, in amounts totaling $16,000 in the last six weeks. We are not certain, but we suspect this behavior is indicative of criminal activity. Can we also bring this issue to the attention of the police? Would there be any privacy issues? We are a state member bank.
—
by
Yes, if your bank has filed a SAR, the SAR rules provide a safe harbor for any disclosures to law enforcement authorities related to a “possible violation.” The safe harbor protects your bank from liability under any state or federal law or regulation, and it applies to disclosures regarding both “suspected” and “known” crimes. As…