#53475 - 01/10/03 04:14 PM
URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
HURRY! HELP! EXAMINERS ON SITE! We've developed our notice, which is our privacy policy notice. The board has adopted this notice as our policy. Examiner says it is not our policy, just a notice. Can anyone provide any defense?
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53476 - 01/10/03 04:40 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Gold Star
Joined: Aug 2001
Posts: 330
Louisville, KY
|
tressa, The message of your notice and the message of your policy should be consistent but shouldn't necessarily be the same. The agencies required, and to a large extent dictated, the content of the notice. You should have a policy (and procedures) for each compliance topic. The policy should indicate the board's intention to comply with the requirements of the law and/or regulation, the person responsible for compliance, the audit and training requirements, etc.
If the examiner presses the issue, they can criticize your policy, but cannot cite you for the failure to develop a policy, because you do have one.
|
#53478 - 01/10/03 04:48 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
Thanks for the advice. These are safety and soundness examiners and I'm used to dealing with compliance examiners.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53479 - 01/10/03 05:18 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Platinum Poster
Joined: Mar 2002
Posts: 721
California
|
tressaj- I'm curious to find out how your exam goes in regards to Privacy. Our examiners arrived on Wednesday (S/S) and I know that prior to their arrival there was much communication going on regarding Privacy. Are your regulators FDIC?
|
#53480 - 01/10/03 05:26 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
We had a combo of FDIC and state. FDIC was interested in "security standards for customer information - FIL-22-2001." I realize there is a tie-in to privacy, but the examiner admits this is not his area of expertise, and I think he's pulling more Reg P in than necessary. I feel sure we'll be criticized as far as FIL-22-2001 is concerned. We do have several different IT policies that probably cover a good deal of the requirements, but I don't know if that will get us very far. This particular FIL is one that I've forwarded over and over to IT manager with no response. I guess we'll pay the price!
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53481 - 01/10/03 05:30 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Aug 2001
Posts: 1,033
Marysville, Ca.
|
In our exam (OCC) we were criticized for not placing the physical (storing reports, shredding) privacy portion together with the IT plan.
_________________________
Tina A Sweet-Williams AVP Special Assets mailto:tsweet@goldcountrynb.com
|
#53483 - 01/10/03 05:45 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
He started out with info security policy and has wandered over to Privacy. He admits this is not his Info security not his "area". I think we honestly deserve some criticism, but I don't like the idea of mixing the two issues. I'm usually pretty vocal with consumer examiners, but I'm also out of my element here so I don't have a lot of ammunition. Conveniently our IT manager is off on Fridays.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53484 - 01/10/03 05:45 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Platinum Poster
Joined: Mar 2002
Posts: 721
California
|
tressaj- Thanks, FDIC is here, and prior to their arrival there seemed to be a lot of telephone conversation regarding Appendix B to Part 364 - Interagency Guidelines Establishing Standards for Safeguarding Customer Information. I, unfortunately, was not the one directly doing the communicating. I'm sure that had I been directly involved it wouldn't have become as much of an issue. Fortunately I was able to come up with all the written documentation dating back to 2000, to present to show we've taken all the required steps. Now it's just "wait & see". If something else comes up of interest, would you mind sharing? Thanks.
|
#53486 - 01/10/03 06:03 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
He is the EIC. It's Friday noon here, so they've probably left for the day. They already had mgmt meeting yesterday before he even addressed this issue, so I'm hopeful it won't affect our rating. I thought it was odd that he'd cover after mgmt meeting.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53488 - 01/10/03 06:10 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
We had compliance exam in March 2002. No problems, but maybe they just didn't catch it. We'll have something in place prior to next exam (I hope!)
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53490 - 01/10/03 07:30 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Anonymous
Unregistered
|
My bank is also in the process of a Safety and Soundness exam and they have spent an enormous amount of time focusing on Privacy and Info. Security. They wanted to see EVERY single piece of paper that was used to create our Info. Security Policy. What a mess. We have a privacy policy and info. security policy in place, but they wouldn't even read them until they saw the documentation used to create them...we honestly couldn't provide them with much!! I wish they would leave.
|
#53491 - 01/10/03 09:20 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Diamond Poster
Joined: Apr 2002
Posts: 1,677
SmallTown, USA
|
I don't think so. Although that's a good point. He's gone for the day and didn't mention anything else to me about it. Sadly, I agree with him that we've missed the mark on establishing standards for customer information requirements. He's gone and hopefully, because he didn't even look at this until after the exit with mgmt, it won't be too harsh. I'm certainly going to do my best to prod this along and get it covered before the next exam.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer.
|
#53492 - 01/10/03 09:31 PM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Platinum Poster
Joined: Mar 2002
Posts: 721
California
|
Bonnie M- Have you been through a recent S/S Exam where GLBA was reviewed? We have a Privacy Policy, and Information Security Policy - do you suppose the two should cross-reference each other?
|
#53494 - 01/11/03 12:28 AM
Re: URGENT - Privacy Notice VS Privacy Policy
|
Platinum Poster
Joined: Mar 2002
Posts: 721
California
|
Bonnie M - Good Luck - at least you have more than the two week notice we received. We will see how ours goes, the team is very pleasant to work with (so far...)