Topic: Privacy
-
An individual signed a security agreement pledging his certificate of deposit (CD) as collateral for his niece’s loan, which is now 45 days delinquent. Are there timing requirements before we can set off the CD for the overdue loan? Do we have to notify the individual before we set off his CD? Would it violate any privacy rules to send such a notification?
We are not aware of any timing or notice requirements when exercising a right of setoff, but we recommend reviewing your loan agreement and security agreement for any contractual requirements with respect to timing and notice. In addition, we do not believe that notifying the uncle of the loan delinquency and impending setoff would violate…
-
Our bank is hiring for an open position. We pulled credit reports for the applicants (with their consent), without obtaining numerical credit scores. One applicant had a number of negative items on their report. The hiring employee emailed the applicant regarding the report, identifying the negative items and including verbiage from the report regarding those items. Would this violate the Fair Credit Reporting Act (FCRA)?
No, we do not believe that sharing information from a job applicant’s credit report with that applicant would violate the FCRA. Nothing in the FCRA prohibits the sharing of information from a credit report with the consumer who is the subject of the report. In fact, the FCRA may require your bank to share some…
-
Our bank has a separate trust department. When an individual has both trust accounts and deposit accounts at our bank, can our trust department share information about that customer’s trust transactions with our BSA officer? Would we be required to inform our trust customers about this information sharing? Does it create any privacy concerns?
Yes, your bank’s trust department may share information about customer accounts and transactions with your bank’s BSA officer without notifying the customers or raising privacy issues. Illinois and federal financial privacy laws limit the sharing of customer information with third parties, but they do not prohibit the sharing of customer information with other bank employees…
-
We have a customer whose account statements keep being returned as undeliverable. The executor of the customer’s estate has notified us that the customer passed away, but so far has not requested any documents from us. Can we stop sending out the account statements? Also, we have another customer whom we strongly believe passed away; although we have no notice of his death, his statements also are being returned as undeliverable. Can we stop sending out those statements, too?
Yes, your bank may discontinue mailing out the account statements for both customers. You are not required to continue mailing periodic statements when they repeatedly are being returned as undeliverable. In fact, it is advisable to discontinue mailing periodic statements to a customer whom you know or believe to be dead or to an address that…
-
Although we are not required to notify customers about the Visa Account Updater (VAU) program, shouldn’t we disclose to our customers that it is available?
Although not expressly required, there are practical reasons to notify your existing customers about the VAU program and of their right to opt out, and also to include the opt-out right in your new account agreements going forward. For example, some customers may perceive the program as a violation of privacy — or simply may…
-
We issue MasterCard debit cards, and we received an email from our core processor that we have to participate in MasterCard’s Automatic Billing Updater (ABU) program. This service requires us to notify MasterCard when a cardholder’s account information changes, so that merchants who have an existing relationship with the cardholder can continue to process recurring payments without an interruption in service. We are required to participate in the program, but customers may opt out. We will review our privacy policies and account agreements, but what state privacy laws or notice requirements should we be aware of with respect to the ABU program?
We are not aware of any federal or Illinois law that would require you to provide notice about the MasterCard ABU program and opt-out option to your debit card customers, although we believe it may be prudent to do so. Regulation P generally prohibits a bank from sharing nonpublic personal information about a consumer to…
-
Are we required to notify our debit card customers about their ability to opt out of the Visa Account Updater (VAU) program that Visa requires us to implement in October 2017? This program requires us to notify Visa when a cardholder’s account information changes, so that merchants who have an existing relationship with the cardholder can continue to process recurring payments without an interruption in service. We are required to participate in the program, but customers may opt out. There are no customer fees or other changes associated with this new program. Also, because this is an information sharing issue, we want to make sure we will not violate any privacy laws if we do not notify our existing cardholders about the new service and opt-out option.
We are not aware of any federal or Illinois law that would require you to provide notice about the VAU program and opt-out option to your debit card customers, although we believe it may be prudent to do so. Regulation E requires debit card issuers to notify customers about changes to certain terms and conditions,…
-
Thirty days ago, we discovered that a former loan officer sent emails from her bank email account to her personal email account (possibly related to her search for future employment with another bank). We still are sifting through hundreds of emails, but so far we know she sent herself at least one individual’s W-2 form. The loan officer quit as soon as we questioned her about the emails. We suspect that the loan officer obtained the W-2 from a loan applicant, and that the loan officer intended to steer the applicant to her new employer, but we have not been able to confirm this suspicion. Our attorney told us to notify the affected individual and any others that we discover. We are almost certain we also will file a Suspicious Activity Report (SAR). Is that something we should do? Should we also contact our primary federal regulator (the FDIC)?
We recommend filing a SAR, but at this point, we do not (and from what you have told us, the bank does not) have enough information to determine whether a data breach has occurred that would require your bank to notify its primary regulator or any affected individuals. The SAR regulations require a bank to…