Is it true that a financial institution's overall data liability, particularly with respect to Gramm-Leach-Bliley, extends to the actual hardware they dispose of? Some banks seem to take this very seriously and are willing to spend money to secure their retired assets and ensure that customer data is permanently erased. But other firms seem more interested in getting money for their old systems than protecting themselves from data liability issues. I have heard of situations where laptops bought on eBay were found to contain customer data. Could a firm or its officers be prosecuted for allowing such security lapses to take place?
Are there any regulations which require employee background checks and bonding? If so, what are the requirements? If there are no requirements, are there any "best practices" for smaller community banks?
The proposal for the protection and destruction of information obtained from consumer reports is out. In some respects, there isn't much new or particularly burdensome about the proposal.
What law or regulation addresses a bank employee giving out information on banking information to an outside party that has no tie to the account?
Recently, I called another bank to see if a check that my customer had would clear on the account drawn at their bank. They told me that due to privacy laws they could not give me that information. All I needed was to give them the amount of the check and for them to say yes or no on whether or not it would clear. Does the new privacy law really prevent a bank from being able to call to see if a check will clear?
Is annual training on Privacy/Reg P required?
Our bank shares nonpublic personal information with an unaffiliated third party with whom we have a joint marketing arrangement for marketing credit card accounts. Under the agreement we are required to provide them in an electronic format the names, addresses, telephone numbers and social security numbers of our existing customers for the purpose of allowing them to solicit our customers for credit card accounts. Are we allowed to disclose telephone numbers and particularly social security numbers without providing our customers the opportunity to opt out? Our initial and annual disclosures do contain the required verbiage that we may disclose all of the information we collect to companies that perform marketing services on our behalf or with whom we have joint marketing agreements.
What recourse does a customer have when a bank employee gives out a SS# and loan information without the customer's permission?
We face new challenges every day with respect to viruses, ongoing software patches and updates, as well as new technologies to integrate within our bank. All of these put a strain on our IT resources. How do other banks justify staffing requirements and handle peak demand times?
As a part of information security, financial institutions will be called upon to play an active role not merely in the protection of customer information but also in helping customers who have been