TOOLBOX. ABA Financial Privacy
- Marjorie Ryan
ABA Financial Privacy TOOLBOX

This tool will help ensure that privacy remains a core value in all corners of your institution. The success of your privacy program depends upon your board's and your management's support.

- Involve Your Board and Senior Management
- Consider a Board Privacy Resolution
- Review Your Employee Code of Conduct
- Appoint a Privacy Manager or Designate a Responsible Person
- Review Your Security Officer's Responsibilities
TOOL 1 CONTENTS

- Board and Senior Management Involvement
- Sample Board Resolution
- Sample Codes of Conduct
- Customer Information Security Program
- Elements of a Comprehensive Risk Management Plan

CHECKLIST

ABA Financial Privacy TOOLBOX

- Involve Your Board and Senior Management
- Consider a Board Privacy Resolution
- Review Your Employee Code of Conduct
- Appoint a Privacy Manager or Designate a Responsible Person
- Review Your Security Officer's Responsibilities

Conducting an Information Self-Assessment

- Perform an Information Self-Assessment
  - How do you collect information?
  - How do you share customer information within your organization?
  - How do you share information with third parties?
  - How do you provide customer notice?
  - How do you provide customers the right to opt out?
  - How do you allow customer access and correction?
  - How do you provide information security?
  - How do you handle customer questions and concerns about privacy?

Complying with Gramm-Leach-Bliley

- Understand the Requirements of the GLB Act
- Draft Your Written Privacy Notice
  - Sample 1 (for institutions without affiliates, including most community banks)
  - Sample 2 (for institutions with affiliates)
  - Sample 3 (for institutions with affiliates, joint marketing, and third party sharing outside of the exceptions)
- Ensure Third Parties Abide by Your Privacy Standards

Going Beyond GLB: Medical Privacy & Identity Theft

- Stress The Importance of Keeping Medical Information Confidential
- Be Proactive in Preventing and Resolving Cases of Identity Theft

Training Your Employees

- Implement Privacy Training
- Implement Training on Combating Pretext Calling

Communicating with Customers

- Communicate Your Institution's Policy Toward Privacy
- Communicate the Benefits of Information Sharing
Board and Senior Management Involvement

From the Board Room to the Back Room

The success of your privacy program will, in large part, depend upon your board's and your management's continual commitment to maintaining your customers' trust and confidence that their information is being properly safeguarded.

Involve Your Board of Directors

Our industry's successful response to the Y2K concerns was built upon the regular involvement of the board of directors. The issue of privacy and how we use and protect our customers' information is no less a concern for our institutions than Y2K was. In fact, privacy may prove to be an even bigger challenge, given rising customer anxieties over information use, the spotlight from the media, the politicians in Congress and state houses that seek restrictive laws, and the rapidly changing technologies that enable information to be transmitted in nanoseconds. At least with Y2K, the issue ended on Jan. 1, ABA's Task Force felt strongly that a successful privacy program starts with the involvement of the board and senior management.

Having privacy as a regular agenda item is one way to keep your board informed. There, senior management could report progress in customer communications, in complying with the privacy regulations, and in reporting what customers are telling you about their concerns. Importantly, it also helps to build a track record to demonstrate to regulators your commitment to this issue.

For a board of directors to lead, it needs to understand the importance of protecting the privacy of financial information to your customers, your institution and our industry. There may be no more important group to educate than your board members. The training materials in Tool 5 can help begin this process.

Your board should also set the standards of responsible use and protection of customer information for your institution and every employee. A board resolution incorporating the voluntary guidelines of the Task Force is one means to do this. A Sample Board Resolution has been included with this tool.

Other board responsibilities you might consider include approval of your institution's written information management/privacy policy and oversight of the program implementing and maintaining this policy. The specific oversight of the program may be delegated to the board's audit committee. Responsibilities here include assuring that information practices are being carried out within the parameters of your own policies and practices.

In addition to the recently finalized regulations implementing the Gramm-Leach-Bliley Act's privacy provisions, the federal regulatory agencies in June proposed standards for safeguarding customer information under the Act. The section of this tool entitled "Information Security Program for Safeguarding Customer Information" outlines the board responsibilities contemplated in the proposed federal guidelines.

Involve Senior Management

Since customer information flows through all departments of your institution, senior management should be involved in the development and implementation of your information management/privacy program. It is also the responsibility of senior management to keep the board informed of the current status of the program by reporting, on a regular basis, the overall status of the program.

Tool 2: "Conducting an Information Self-Assessment" will enable you to conduct a detailed review of how information is shared within and outside your institution. Importantly, it will help senior management answer questions like:

- Are our practices customer-oriented?
- Would they meet public scrutiny?
- Is this what we want to do with our customers' information?
A commitment to employee training is essential to the success of any program. To that end, ABA will be offering a variety of training tools through teleconferencing and other means. Employees should also be made aware of their responsibility to protect customer information. Sample Codes of Conduct have been included in this tool to assist you in this effort.

Appoint a Privacy Manager

Creating and implementing a privacy program requires day-to-day oversight, particularly during the initial implementation stage. Senior management should appoint a privacy manager who will have overall and ultimate responsibility for the creation and maintenance of your institution's privacy program. While that individual might have additional responsibilities, depending upon the size and complexity of your institution, a fixed portion of his or her time should be allocated to the institution's privacy program.

In many community banks, the job will go to an individual who already has a full load of responsibilities. If that occurs, senior management should ensure that the privacy manager has sufficient support from others in your organization. Providing the privacy manager with sufficient resources and authority to implement your institution's privacy program is critical to a successful program.

Review the Security Officer's Responsibilities

The fact that all institutions have either a security officer or an employee with security responsibilities should be communicated to customers as part of your privacy policy. The role of your institution's security officer may have to be revised to reflect your information management/privacy policy, as well as the pending customer information security standards.

The duties of the security officer include physical security, information security and investigations of criminal activity. The security function is increasingly responsible for creating an environment within your institution that makes unauthorized access to personal financial information by employees a violation of corporate policy. The security officer is accountable for establishing systems to prevent unauthorized access to, or manipulation or destruction of, customer information.
Sample Board Resolution

This board of directors resolution incorporates the voluntary industry guidelines. You may wish to amend it as appropriate to address your institution's specific practices.

Privacy Pledge

Whereas [Institution Name] recognizes its customers' expectations of financial privacy; and whereas preserving our customers' trust is one of the core values of our institution and the broader banking community; we therefore resolve to abide by the following guidelines for the responsible use and protection of our customers' information:

- We will always value the trust of our customers and the importance of keeping their personal financial information confidential.
- We will provide our customers with our policy on using their personal financial information responsibly and protecting it.
- We will hold our employees to the highest standard of conduct in ensuring the confidentiality of customer information.
- We will hold any personal medical information about our customers sacred and will NOT use it for marketing purposes or in making credit decisions.
- We will use information responsibly in order to provide our customers with significant benefits, including fraud prevention, improved products and services and to comply with laws.
- We will establish procedures to maintain accurate information and respond in a timely manner to our customers' request to change or correct information.
- We will use a combination of safeguards to protect our customers against the criminal use of their information and to prevent unauthorized access to it.
- We will offer our customers the option of restricting information shared with third parties for marketing purposes and honor their preferences.
- We will require the companies we do business with to abide by our privacy policy to maintain the confidentiality of our customers' information.
Sample Codes of Conduct

These sample codes of conduct are designed to help create an environment within your institution where all employees are aware of their responsibility to protect customer information.

SAMPLE 1: Confidential Information and Personal Liability

Employees, directors and their associates may be held personally liable for using confidential information (obtained while serving as a director or employee) for personal benefit. They may also be subject to governmental or corporate administrative action. [Institution Name]'s business and customer information and any related files are confidential and cannot be disclosed to unauthorized persons (including competitors) without permission.

SAMPLE 2: Confidentiality and Integrity of Information

Information about the Corporation, its affiliates, customers, suppliers and employees obtained by virtue of employment with the Corporation is confidential and must be treated as such. Information should neither be modified nor destroyed without proper approval. Disclosure of confidential information to unauthorized persons outside the company is prohibited.

Authentication

In keeping with our tradition of confidentiality, methods of customer authentication, such as an authorization code, are used whenever necessary in the ordinary course of business to obtain information of a confidential nature.

Accountability

It is the policy of [Institution Name] to treat all information regarding its customers and employees in strictest confidence. Failure to maintain the confidentiality of this information will result in corrective action, up to and including immediate dismissal.
SAMPLE 3:

Introduction

In implementing [Institution Name]'s vision in accordance with our values, this Code of Conduct (the "Code") serves as a guide to ethical conduct for all employees of [Institution Name]. This policy covers areas of business conduct when working with clients, customers, suppliers, the public and other employees. It also addresses conflicts of interest, which could arise between the personal conduct of employees and their positions with [Institution Name].

Penalty for Violations

Employees are expected to act fairly and honestly when conducting business on behalf of [Institution Name], maintain [Institution Name]'s high ethical standards, and obey all applicable laws. Violations of the Code and applicable laws or failure to cooperate with an internal investigation may constitute grounds for corrective action, up to and including immediate dismissal.

Safeguarding Confidential Information

When conducting business, many employees may become privy to confidential information about [Institution Name], its present and prospective customers and suppliers, its stockholders and employees. Employees who possess such confidential information must understand that it has been given to them for an express business purpose, may be disclosed only on a need-to-know basis, and used only for a proper business purpose. Discretion should be used when confidential information is disclosed, and it should never be disseminated to unauthorized persons. Misuse of confidential information may result in civil or criminal liability, or in sanctions or penalties against both [Institution Name] and the individual responsible for misusing such information.

Procedures to Restrict Flow of Information

Because [Institution Name] is a multi-service financial institution, banking and securities laws, as well as good business practices, require that [Institution Name] have procedures ("firewalls") to prevent material nonpublic information obtained while engaging in one of [Institution Name]'s diverse business activities from being utilized improperly by others within or outside of [Institution Name].
Customer Information Security Program

Agency Proposal

On June 21, 2000, the federal regulating agencies proposed guidelines for establishing standards for safeguarding customer information under section 501(b) of the GLB Act. The privacy rules propose disclosure of the existence of an institution's security and confidentiality procedures. Examples of how to disclose these procedures can be found in Tool 3's Sample Privacy Policy Notices. The agencies believe that most institutions already have procedures in place similar to standards being proposed.

The following is based on the proposal only, but we believe that the final version will closely track the proposal. ABA will publish an updated version of this when the agencies finalize the proposal. You still have time to comment on the proposal; comments are due August 25th.

Purpose

According to the GLB Act, these safeguards are intended to:

- Insure the security and confidentiality of customer information;
- Protect against any anticipated threats or hazards to the integrity of customer records; and
- Protect against unauthorized access to or use of customer information that would result in substantial harm or inconvenience to any customer.

Key Proposed Elements

The agency proposal, which will either be in the form of guidelines or regulation, outlines steps for putting in place an information security program.[1]

Board Involvement: The proposal contemplates board of director oversight to:

- Approve the institution's written information security policy and program; and
- Oversee efforts to develop, implement, and maintain an effective information security program, including regular review of management reports.

Senior Management Responsibilities: The proposal contemplates three responsibilities for management:

- Evaluate the impact of changing business arrangements on the institution's security program (e.g., mergers, joint ventures, outsourcing).
- Document compliance with the final guidelines.
- Keep the board informed (e.g., regular reports of risk assessment, risk management and control decisions, results of testing, and attempted or actual security breaches).

Program Requirements: The proposal contemplates that institutions must:

- Identify and assess the risks that may threaten customer information;
- Develop a written plan;
- Implement and test the plan; and
- Adjust the plan on a continuing basis.

You still have time to comment (until August 25, 2000)

The agencies have specifically invited comment on how this proposal would impact community banks. The agencies noted that community banks operate with more limited resources than larger institutions and may present a different risk profile. Therefore, the agencies specifically request comment on the impact of this proposal on community banks' current resources and available personnel with the requisite expertise. Comments should address whether the standards are reasonable and realistic for community banks, and whether the proposed regulation's goals could be achieved for community banks through an alternative approach.

[1] Visit to review the full proposal.
Elements of a Comprehensive Risk Management Plan

This checklist, based on the regulators' recent proposal on information security, identifies the factors an institution should consider in evaluating the adequacy of its policies and procedures to manage risks associated with sensitive customer information. Not all of these factors are intended to apply to every institution. However, it provides a good reference list for establishing your own comprehensive approach.

The regulators suggest the following factors be considered:

- Access rights to customer information.
- Access controls on customer information systems, including controls to authenticate the identity of and grant access only to authorized individuals and companies.
- Dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to customer information.
- Contract provisions and oversight mechanisms to protect the security of customer information maintained or processed by service providers.
- Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems.
- Response programs that specify actions to be taken when unauthorized access to customer information systems is suspected or detected.
- Access restrictions at locations containing customer information, such as buildings, computer facilities, and records storage facilities.
- Protection against destruction of customer information due to potential physical hazards, such as fire and water damage.
- Encryption of electronic customer information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access.
- Procedures to confirm that customer information system modifications are consistent with the institution's information security program.
- Response programs to preserve the integrity and security of customer information in the event of computer or other technological failure, including, where appropriate, reconstructing lost or damaged customer information.
More informationMOTORCAR PARTS OF AMERICA, INC. CODE OF BUSINESS CONDUCT AND ETHICS ADOPTED EFFECTIVE JANUARY 15, 2015
MOTORCAR PARTS OF AMERICA, INC. CODE OF BUSINESS CONDUCT AND ETHICS ADOPTED EFFECTIVE JANUARY 15, 2015 The Board of Directors of Motorcar Parts of America, Inc. ( MPA ) has adopted the following Code of
More informationCODE OF ETHICS FOR FINANCIAL PROFESSIONALS
CODE OF ETHICS FOR FINANCIAL PROFESSIONALS OWNER: Citi CFO CONTACT(S): CITI FINANCE ISSUE DATE: DECEMBER 24, 2004 REVISED DATE: APRIL 2014 Table of Contents 1 OVERVIEW 1 2 DIRECTIVE STATEMENT 2 3 DIRECTIVE
More informationStandards of. Conduct. Important Phone Number for Reporting Violations
Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,
More informationRALLY SOFTWARE DEVELOPMENT CORP.
RALLY SOFTWARE DEVELOPMENT CORP. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS Approved by the Board of Directors on March 19 2013 PURPOSE The primary purpose of the Audit Committee (the Committee
More informationCalifornia Mutual Insurance Company Code of Business Conduct and Ethics
California Mutual Insurance Company Code of Business Conduct and Ethics This Code of Business Conduct and Ethics (the Code ) applies to all officers, employees, and directors of California Mutual Insurance
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationCONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1
CONTRACT ADDENDUM BUSINESS ASSOCIATE CONTRACT 1 THIS AGREEMENT is entered into on ( Effective Date ) by and between LaSalle County Health Department, hereinafter called Covered Entity and, hereinafter
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationPC CONNECTION, INC. CODE OF BUSINESS CONDUCT AND ETHICS
I. Purpose. PC CONNECTION, INC. CODE OF BUSINESS CONDUCT AND ETHICS Applicable to All Subsidiaries To establish uniform standards of conduct under which each of the PC Connection, Inc. family of companies
More informationcode of Business Conduct and ethics
code of Business Conduct and ethics Introduction This document provides information about our Code of Business Conduct and Ethics. All directors, officers and employees are individually and collectively
More informationSanchez Energy Corporation. Code of Business Conduct and Ethics
Sanchez Energy Corporation Code of Business Conduct and Ethics Introduction The Board of Directors (the Board ) of Sanchez Energy Corporation (the Company ) has adopted this Code of Business Conduct and
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
More informationCODE OF BUSINESS CONDUCT AND ETHICS
1.0 INTRODUCTION Integrity is a core value of British Columbia Ferry Services Inc. and its subsidiaries ( BCF or the Company ). It is a fundamental principle of this organization that all Directors, Officers,
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationCODE OF BUSINESS CONDUCT AND ETHICS
CODE OF BUSINESS CONDUCT AND ETHICS Introduction This (the Code ) applies to Oceaneering International, Inc. and its subsidiaries and other affiliated companies (together referred to as our Company, us
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationCODE OF ETHICS AND PROFESSIONAL CONDUCT
CODE OF ETHICS AND PROFESSIONAL CONDUCT Mission To provide adults, caregivers and families with programs and services promoting an enhanced quality of life. Family Alliance, Inc. has a clearly stated charitable
More informationINSIDER TRADING POLICY
INSIDER TRADING POLICY a BACKGROUND: This Policy applies to directors, officers and employees at all levels of Alcoa Inc. ( Alcoa ) and of each domestic and foreign subsidiary, partnership, venture or
More informationInformation for Agents and Brokers Regarding the HIPAA Business Associate Agreement
Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement You may be aware that the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) requires health plans
More informationOnline (Internet) Banking Agreement and Disclosure
Online (Internet) Banking Agreement and Disclosure This Online (Internet) Banking Agreement and Disclosure ( the Agreement") explains the terms and conditions governing the basic Online Banking services
More informationBUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;
BUSINESS ASSOCIATE ADDENDUM This BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is made and entered into as of July 1, 2012, ( Effective Date ) and supplements and is made a part of the services agreement
More informationDLI CODE OF BUSINESS CONDUCT & ETHICS
DLI CODE OF BUSINESS CONDUCT & ETHICS All DLI employees, regardless of where they are located, must conduct their affairs with uncompromising honesty and integrity. Business ethics are no different from
More informationINFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security
INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security State Fair Community College shall provide a central administrative system for use in data collection and extraction. Any system user
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ), entered into and effective this day of,, is by and between ( Business Associate ) and Black, Gould & Associates, Inc.
More informationWe will pursue our business with honor, fairness, and respect for the individual and. the public at large ever mindful that there
O Business with Integrity O We will pursue our business with honor, fairness, and respect for the individual and the public at large ever mindful that there is no right way to do a wrong thing. Introduction
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationRevised 05/22/14 P a g e 1
Corporate Office 107 W. Franklin Street P.O. Box 638 Elkhart, IN 46515-0638 Phone (574) 294-7511 Fax (574) 522-5213 INTRODUCTION PATRICK INDUSTRIES, INC. CODE OF ETHICS AND BUSINESS CONDUCT As a leader
More informationCompliance Policy ALCO recommended standard
1. PURPOSE In accordance with CSSF Circular 2004/155, the board of directors of [NAME OF COMPANY] (hereafter the Company ) has adopted the following Compliance Policy. The Company s Compliance function
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (Hereinafter "Agreement") dated as of, 2013, is made by and between (Hereinafter Covered Entity ) and (Hereinafter Business Associate ). ARTICLE
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationTHE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE
THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE FORWARD I am pleased to introduce the mission and authorities of the Office of Inspector General for the Farm Credit Administration. I hope this
More informationPHI Air Medical, L.L.C. Compliance Plan
Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation
More informationGeneral HIPAA Implementation FAQ
General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,
More informationProfessional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules
Professional Solutions Insurance Company Business Associate Agreement re HIPAA Rules I. Purpose of Agreement This Agreement reflects Professional Solutions Insurance Company s agreement to comply with
More informationSECTION-BY-SECTION ANALYSIS
INTRODUCED BY CONGRESSMAN RANDY NEUGEBAUER (R-TX) AND CONGRESSMAN JOHN CARNEY (D-DE) SECTION-BY-SECTION ANALYSIS Section 1: Short Title The Data Security Act of 2015. Section 2: Purposes The purposes of
More informationWellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationBusiness Conduct, Compliance and Ethics Program. important
Business Conduct, Compliance and Ethics Program important Table of Contents Letter from Troy Kirchenbauer As healthcare s first online direct contracting market, aptitude is committed to upholding the
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS PURPOSE The Audit Committee (the Audit Committee ) is appointed by the Board of Directors (the Board ) of NVIDIA Corporation, a Delaware corporation
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationAS Merko Ehitus CODE OF BUSINESS ETHICS
AS Merko Ehitus CODE OF BUSINESS ETHICS AS Merko Ehitus 1 Introduction The purpose of the Code of Business Ethics, which is described in this document, is to provide guidance to employees, directors and
More informationby: Scott Baranowski Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy
Community Bank Auditors Group Best Practices in Auditing Record Retention, Safeguarding Paper Documents, GLBA and Privacy June 10, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT
More informationCredit Union Code for the Protection of Personal Information
Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve
More information