Topic: Privacy
-
Can our trust department share a customer list with the rest of the bank for informational purposes? The department is not a separate entity and is part of the bank charter.
—
by
Yes, we believe your trust department may share its customer list with other employees of the bank. Regulation P only limits the disclosure of nonpublic personal information to third parties. Since the trust department is a division of your bank, sharing information with other employees should not be treated as sharing the information with a…
-
Can we share customer information under the joint marketing exception in the federal privacy rules, even though Illinois law does not include the same exception?
—
by
Yes. The IDFPR has clarified in an interpretive letter that any privacy exceptions that apply under federal law also apply under Illinois law. The joint marketing exception is located in Subpart C of the federal regulations (12 CFR 1016.13), and “a state bank need not obtain a customer’s authorization to make disclosures permitted by one…
-
When reporting potential elder financial abuse to the Illinois Department on Aging, can we provide the amount of money we believe has been being wrongfully withdrawn?
—
by
Yes, we believe it would be permissible to report the amount of money withdrawn from your customer’s account when voluntarily reporting suspected elder financial exploitation. Both Illinois and federal financial privacy laws include exceptions that permit you to reveal certain customer information in this situation. Illinois law does not define what information you may reveal,…
-
We suspected that a customer was the victim of elder financial exploitation and filed a report with the Illinois Department on Aging. They referred us to the Illinois Long Term Care Ombudsman, since the customer is a nursing home resident. The Ombudsman now wants us to report the issue to the Illinois State Police. Are we risking any liability by reporting, since we don’t have any proof that fraud occurred?
—
by
Yes, we believe that your institution could risk some liability when reporting suspected elder financial abuse concerning a nursing home resident. If your bank does believe that a report of suspected abuse would help the resident, we would recommend that you request the Ombudsman to report the issue to the Illinois State Police. Since your…
-
We believe that we qualify to use the alternative delivery method for our annual privacy notices. Am I correct that we need to send a statement stuffer to notify customers?
—
by
Yes, you must notify customers about the alternative delivery method at least annually in a statement stuffer or in another required notice. If you meet all of the requirements for the alternative delivery method in 12 CFR 1016.9(c)(2), you also must provide “clear and conspicuous” notice that your privacy notice is available on your website…
-
When we become aware of the death of a primary owner of a joint deposit account, what is the best practice in regard to the mailing of statements on the account? What if there is no joint owner?
—
by
We recommend that joint account statements be mailed only to the surviving account holder after the death of a joint account holder. Due to privacy concerns, we do not recommend mailing statements to the deceased joint account holder’s address if it is different than the surviving account holder’s address, as this could risk exposing the…
-
Our marketing department wants to hold a drawing that will be open to customers and noncustomers. We would like to use the information we receive, such as names and addresses, for marketing purposes. Is that possible, and are there any privacy concerns?
—
by
We believe you may use the information you receive from the drawing participants for marketing purposes, provided that you clearly and conspicuously disclose that you are collecting the participants’ contact information for marketing purposes. Because you will not be disclosing the contact information to third parties, the drawing should not trigger federal or Illinois privacy…