In my presentation I used to explain that there had to be a business purpose for accessing the credit bureau report. And that they had some liability if they did this improperly because they now knew better. I made sure I thanked them at this point for signing the attendance roster. They were now responsible for their actions, not just the bank.
Here are two bullets from the PPT file I used to show.
Any officer or employee who willfully provides information on a consumer to an unauthorized person may be fined up to $5,000 and/or imprisoned for up to one year. Criminal liability is similar.
Civil liability for negligent compliance can result in payment for actual damages, court costs and attorney’s fees. Civil liability for willful noncompliance includes this, plus punitive damages.
On a related note, I used this, but in Privacy and SCI.
Dept. of Justice Nov. 30, 2001 SACRAMENTO CA.
United States Attorney John K. Vincent announced that SUZANNE MARIE SCHELLER, 21, of Sacramento, was sentenced today by U.S. District Court Judge Garland E. Burrell, Jr. in Sacramento to a term of thirty-six months probation, in connection with obtaining confidential customer account information and providing it to another individual outside the financial institution.
...while she was a financial institution employee SCHELLER accessed the financial institution computer system and searched for potential customers for a friend who was starting a real estate business. SCHELLER admitted that she knew her unauthorized access was against the policy of the financial institution. The investigation established that some of the information provided by SCHELLER was actually used by another individual unknown to her as part of an identity theft scheme. Imposter's used the customer account information to steal the identity of the customers and conduct transactions at the financial institution.
My opinions are not necessarily my employers.
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell