Skip to content
BOL Conferences Top Gun 23
Thread Options Tools
#2268607 - 04/01/22 09:22 PM Privacy Policy
kmenard Offline
Joined: Oct 2014
Posts: 67
During our audit of Regulation P, we were cited for disclosing information regarding our mobile banking app. The information was required by Google due to push notification and pop-up screens. We tried to create a separate box to add the discloser but was advised by our document provider ”that a box could not be added and to add the information to the Other Important Information box” The auditor is indicating that this is a violation of law and giving the audit a “Needs Improvement” rating. I have a couple of questions:

• Is this a violation of law?
• If so, is this a significant finding?
• If this is a violation, where would put the information on the Privacy Policy or is it ok to create our document.

Return to Top
General Discussion
#2268609 - 04/01/22 09:28 PM Re: Privacy Policy kmenard
Andy_Z Offline
10K Club
Joined: Oct 2000
Posts: 27,590
On the Net
I don't understand what information is being disclosed or how, are you saying consumers enter banking info for Google?
My opinions are not necessarily my employers.
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#2268642 - 04/04/22 03:09 PM Re: Privacy Policy kmenard
rainman Offline
Power Poster
Joined: Nov 2004
Posts: 3,115
If the bank offers its app in the Google Play app store, Google requires a disclosure about the acquisition of geolocation if certain features are turned on.

As to whether it's a violation of law to include that information in the "other Important Information" box - it's not, and the auditor needs to re-read the regulation. The model privacy form in the Appendix to Reg. P includes specific instructions about what can and can't go in various places. The "other important information" box is only for state privacy law issues.

So including the geolocation disclosure required by Google in that box means that the bank is not using the model form in accordance with the instructions. But the regulation does not require use of the model form (even though everyone does). So including this information just means that the bank is using a form other than the model. Is it still complying with the regulation? Yes.
Nobody's perfect, not even a perfect stranger.

Return to Top
#2268661 - 04/04/22 09:04 PM Re: Privacy Policy kmenard
RVFlyboy Offline
Power Poster
Joined: Oct 2000
Posts: 5,984
Soaring over Georgia
We use two linked policies on our mobile app - one is our Reg P Privacy Notice (based on the Reg P model) and one is our Digital Privacy & Cookies Policy. The second policy is where we discuss geolocation and other information on how we gather, use, and share digital information and cookies.
Jim Bedsole, CRCM, CBA, CFSA, CAFP
My posts - my opinions

Return to Top