
Third Party Vendors, Maintenance Contracts, and Privacy
by Mary Beth Guard, BOL Guru

Question: I may have thoroughly confused myself...and may confuse you, too after this....but, here goes: our bank does document imaging using software provided by a nonaffiliated third party. We image proof items, loan files, deposit account documents, etc. If the vendor had to perform maintenance on our system, they might have access to consumer (noncustomer) and customer information. I'm trying to decide whether their services fall under a Section 14 exception. If so, we would just need to make sure our contract with the vendor contains the required verbiage---right? If they are a Section 13 exception, then I'm thinking we would have to provide notice to our customers and noncustomers alike as well as having the appropriate language in the contract.

Answer: The vendor would be considered to fall within the Section 14 exception of the privacy rule. That means:
  1. the customer would not have a right to opt out of this type of information sharing because it only occurs as necessary to effect a transaction initiated by the customer; and
  2. you do not need to specifically mention this type of information sharing in your privacy notice. It is considered covered under the generic language of "We share information only as permitted by law" or something to that effect.
On the other hand, this service provider WOULD be covered under the information security guidelines. As a result, you will need to have a contract provision in place with the vendor that specifically obligates it to implement and maintain an information security program designed to achieve the objectives of the information security guidelines.

The two sets of requirements (the privacy rule vs. the information security guidelines) are very different.

The original version appeared in the June 2002 edition of the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 10/28/02



