The Privacy Exam procedures are completely separate from the Information Security exam procedures.
I don't know how the division is split among OCC examiners, but FDIC has Safety and Soundness review Information Security, and Compliance reviews Privacy.
_________________________
CRCM,CAMS
Regulations are a poor substitute for ethics.
Just sayin'