In reviewing a DFI Report of Examination dated in February, 2006, DFI stated that it “is recommended that the Privacy Policy be amended to make specific reference to California Financial Code, Division 1.2. In addition, it is recommended that the scope of the annual operations compliance audit be expanded to specifically include a review for compliance with Division 1.2”

I don’t see anything in Division 1.2 requiring a specific reference to the Financial Code Division.

Am I missing something? Has anyone else seen this?


Al

Lots of things could be recommended...there is no purpose in including referrence to the CA code in a privacy policy. If the bank does not share, no additional notice requirements exist under CA Code, this is specifically stated in the code. If a bank does share, the required elements are listed in the Code, and reference to the CA Code by number is not one of them.

My point exactly, MRJ. Please note the quotes in the original post. DFI is requiring the reference even though there is no support for the requirement in the code.

Anyone else seen this?


Al

Al - I've heard of this as well. In a bank that does not have any sharing practices that would trigger the California disclosures, this type of requirement seems more along the lines of political posturing than of any actual protection of California consumers.

Sadly, not the first time we've seen that in the compliance arena.