Topic: Privacy
-
We are holding daily drawings for a week as part of our bank’s anniversary celebration. The drawings will be open to the public and will not require any money or other consideration to enter for a chance to win. We want to post the winner’s name next to the submission box each day. Will that create any privacy issues?
—
by
We do not believe that federal or Illinois financial privacy laws would prohibit the posting of winner names, since winners are not necessarily bank customers. Federal and Illinois privacy laws protect “financial records” and “personally identifiable financial information.” These terms are defined broadly, including even the fact that an individual is a customer of your…
-
How long should we keep mail returned as undeliverable, such as privacy notices and bank statements?
—
by
Disclaimer: The Electronic Commerce Security Act (ECSA) was repealed and replaced with the Uniform Electronic Transaction Act (UETA), effective June 25, 2021. Please note that this change may affect the continued accuracy of this guidance as it pertains to the ECSA. We are unaware of any recordkeeping requirements for mail that has been sent to customers…
-
A safe deposit box customer recently died. His sister is executor of his estate. She has asked us for the date on which the customer added a joint owner to the box (his fiancée). There seem to be bad feelings between the sister and the deceased customer’s fiancée. Can we provide that information? Our safe deposit account agreement treats boxes with multiple lessees as joint tenancies with rights of survivorship, so we took the position that we could not provide this information because the fiancée now is the sole lessee on the box.
—
by
We believe that you may provide the requested information to your customer’s executor, since she is requesting information about an event that occurred before his death. The executor would not have any right to information about the safe deposit box account after the date of death. The federal privacy regulations permit banks to disclose account…
-
We recently acquired some affiliates and had to update our privacy notice. Our notice permits customers to opt-out of information sharing by calling a toll-free number. Can we also accept opt-outs on our website or in person, even though those methods are not listed in our privacy notice?
—
by
Yes, we believe that you may accept opt-outs by any method, even if those methods are not listed in your privacy notice. Regulation P requires financial institutions to provide and disclose to customers “a reasonable means” to opt out of information sharing, and Regulation V requires “a reasonable and simple method to opt out.” Neither…
-
We have an elderly customer. One of her children has sued another of her children in what appears to be a squabble over the customer’s money. Now, we have received a letter from a local nonprofit that provides services to elderly persons requesting the customer’s financial information (it asks us to provide a copy of a particular check). The letter states that it is from “Adult Protective Services,” but it does not list a government agency and is not a court order. We are not aware of any circumstances that would suggest elder financial exploitation. Are we required to respond to this request?
—
by
No, we do not believe that your bank is required to provide your customer’s private financial information to the local nonprofit in response to its letter. Illinois law permits, but does not require, financial institutions to report suspected elder financial exploitation to the Illinois Department on Aging (DoA) or to the DoA’s “provider agencies.” The…
-
One of our customers is claiming that her daughter stole several checks from her checkbook and forged her signature on checks totaling $800. The customer lives with her daughter and told us that her daughter is a felon and a drug addict. Do we have to reimburse our customer? She notified us about the forgeries within the 30-day deadline established in our account agreement, but we believe that she failed to properly guard her checkbook. This is her second claim of fraud, with the first claim involving her grandson’s unauthorized use of her debit card. Also, can we contact the individual (a local businessman) who cashed the forged checks?
—
by
You need to reimburse a customer for forged checks if the customer alerts you to the forgery with “reasonable promptness.” In this case, your customer fulfilled her notice obligation by alerting you about the forged checks within the 30-day notice period established in your account agreement. However, your bank is not obligated to reimburse the…
-
Do you see any privacy or other issues with providing payable on death (POD) account beneficiaries with a list of all beneficiaries, and the amounts designated to each beneficiary, after the account owner has died?
—
by
We believe that at least one exception in Regulation P would permit this disclosure, and we are not aware of any other prohibitions or risks involved in revealing this information after the account owner has died. Regulation P permits banks to disclose account information to “persons holding a legal or beneficial interest relating to the…
-
We have an elderly customer who we think is being scammed. We see repeated charges on his checking account from a computer repair company (these are remotely created checks rather than physical checks). Each new charge is usually around $600. We have tried to explain to the customer that we think he is the victim of a scam, but the charges keep appearing. We know about our reporting obligations under state and federal law regarding suspected elder financial abuse, but can we also stop payment on these charges?
—
by
Your bank may stop payments on these charges provided your customer’s account agreement grants you this authority under these circumstances. Demand deposit account (DDA) agreements typically include a provision permitting the bank to decline a transaction if the bank suspects fraud or otherwise finds it necessary to protect the customer or the bank. Such a…
-
We allowed a police officer to view our surveillance footage for our parking lot because someone had broken into a car in a nearby parking lot. Now the police are asking us to hand over a copy of the tape. Do we need to require a subpoena before providing a tape of the surveillance footage?
—
by
No, we do not believe a subpoena would be required for providing this surveillance tape to law enforcement. We do not believe that federal or Illinois financial privacy laws would prohibit you from sharing the surveillance tape with law enforcement. Those laws protect “financial records” and “personally identifiable financial information.” These terms are defined broadly,…
-
We have a customer who passed away. An individual has called us several times wanting information about this customer’s safe deposit box. Can we tell her that the customer did not have safe deposit box account at our bank? This individual did not produce any documentation establishing herself as the executor of this customer’s estate.
—
by
We do not recommend disclosing to this individual that the customer did not have a safe deposit box account at your bank. Regulation P’s privacy requirements prohibit your bank from disclosing “the fact that an individual is or has been one of your customers or has obtained a financial product or service from you.” In…