Learn More - Click Here!

New Reply Thread Options
#2226409 - 11/27/19 02:22 PM NPI Exposed?

I'm sure this happens to people on very rare occasions but need some input....

This has never happened to my knowledge with us before. An employee accidently sent NPI of one customer to another customer via email on accident. The email address was prefilled via outlook. Exposed was NAME, EMAIL, PHONE. What actions would you guys take? The email was recalled within 20 minutes but have not confirmed it was successfully recalled as of yet.

Return to Top Reply Quote Quick Reply Quick Quote
#2226446 - 11/27/19 06:12 PM Re: NPI Exposed? Anonymous
HappyGilmore Offline
10K Club
Joined: Jun 2004
Posts: 19,311
Pulling people out of the ditc...
name, email, and phone are all publicly available info...unless the body of the email specifically included information pertaining to an account held at your institution, i don't think i'd be doing anything else.
Providing alternative truths since the invention of time

Return to Top Reply Quote Quick Reply Quick Quote
#2226451 - 11/27/19 06:38 PM Re: NPI Exposed? Anonymous

The body of the email also stated that the customer was an existing customer of the bank. Per the FDIC website, that very fact is personally identifiable information that is not publicly available. Maybe I'm just jumping the gun here as I don't normally handle GLBA and other privacy regs. I was under the impression that phone and email were not generally publicly available as well.

Return to Top Reply Quote Quick Reply Quick Quote
#2226453 - 11/27/19 07:02 PM Re: NPI Exposed? Anonymous
P*Q Offline

Power Poster
Joined: May 2001
Posts: 8,436
We've had that happen. I document it in the annual GLBA report that goes to the board as an isolated incident and move on. That's been enough for us regulatory wise. Oh yeah, and we also notify the customer whose info was shared in error so they are aware.

Return to Top Reply Quote Quick Reply Quick Quote
#2226483 - 11/28/19 12:02 AM Re: NPI Exposed? Anonymous
Inspector Offline
Gold Star
Joined: Apr 2016
Posts: 254
Non-public information can include names, addresses, and phone numbers among other things. The question is whether the institution has a reasonable basis to conclude the information is public.
Opinions expressed are my own and do not reflect legal advice or the opinions of my employer.

Return to Top Reply Quote Quick Reply Quick Quote
Quick Reply:
HTML is disabled
UBBCode is enabled

Moderator:  MagicCity, P*Q, Truffle Royale