Has anyone found that their bank's annual Privacy Act mailing was not sent to all customers?
In our bank's recent mass mailing of the annual Privacy Notices, the customer relationship management software was used to produce one mailing address per "household". This caused a problem in that we have some households [persons with same mailing address] with multiple adults who have separate accounts. Only one Privacy Notice was mailed to just one of the persons in these households. We discovered this during the Privacy Audit.
What is the proper corrective action? Should we send more Privacy Notices to account holders missed in the first mailing?
Or, should we merely correct the procedures to be used next year to prevent a repeat problem?
My opinions are not legal advice, not my employer's, and may change anytime.