Privacy: Basic Question...I think?

Posted By: Anonymous

Privacy: Basic Question...I think? - 06/03/03 06:24 PM

Privacy Question:

Is contract language (12CFR40) required for .13 joint marketing only, or is it required for .14 and .15 as well?

Is the language, "The provider agrees to use or disclose such information ony to carry out the purposes for which the information was disclosed", required on all contracts, even if we use these conpanies to perform services for the bank, like mail statements?

Any help or guidance would be appreciated.

Posted By: Princess Romeo

Re: Privacy: Basic Question...I think? - 06/03/03 06:41 PM

Section 13 - Joint Marketing agreements require confidentialy language. If you provide any NPPI you should have Information Security as well.

Section 14 and 15 - Service providers require Information Security language.

Remember - Confidentiality and Information Security are TWO SEPARATE concepts that generally go hand in hand.

Posted By: Anonymous

Re: Privacy: Basic Question...I think? - 06/04/03 08:16 PM

Thanks Bonnie...

So am I understanding this correctly by saying that Service Providers that fall under Exception .14 and .15 are not required to have confidentiality language as in .13 Exceptions?

Posted By: Princess Romeo

Re: Privacy: Basic Question...I think? - 06/04/03 09:25 PM

Quote:

Service Providers that fall under Exception .14 and .15 are not required to have confidentiality language as in .13 Exceptions

Correct - IF the Service Provider ONLY falls under .14 & .15 Exceptions. However, you will still need the Information Security langauge.