TOOLBOX. ABA Financial Privacy

ABA Financial Privacy TOOLBOX

This tool is designed to help you craft or revise your privacy policy and design your disclosures. It contains three sample privacy policy notices, the first of which is likely to meet the needs of most community banks. The other samples are designed for institutions with affiliates or that use third parties beyond the special exceptions in the law. It is best to complete the information self-assessment (Tool 2) first to determine which sample is the most appropriate starting place for your institution.

Understand the Requirements of the GLB Act
Draft Your Written Privacy Notice
- Sample 1 (for institutions without affiliates, including most community banks)
- Sample 2 (for institutions with affiliates)
- Sample 3 (for institutions with affiliates, joint marketing, and third party sharing outside of the exceptions)
Ensure Third Parties Abide by Your Privacy Standards

TOOL 3 CONTENTS

- Summary of Gramm-Leach-Bliley Regulation
- Sample Privacy Policy Notices
- Some Considerations in Preparing Your Privacy Notice
- Sample Privacy Language for Third-party Contractors
- Exceptions to the Opt-Out Provisions

CHECKLIST: ABA Financial Privacy TOOLBOX

Building Your Privacy Program
- Involve Your Board and Senior Management
- Consider a Board Privacy Resolution
- Review Your Employee Code of Conduct
- Appoint a Privacy Manager or Designate a Responsible Person
- Review Your Security Officer's Responsibilities

Conducting an Information Self-Assessment
- Perform an Information Self-Assessment
- How do you collect information?
- How do you share customer information within your organization?
- How do you share information with third parties?
- How do you provide customer notice?
- How do you provide customers the right to opt out?
- How do you allow customer access and correction?
- How do you provide information security?
- How do you handle customer questions and concerns about privacy?

Understand the Requirements of the GLB Act
Draft Your Written Privacy Notice
- Sample 1 (for institutions without affiliates, including most community banks)
- Sample 2 (for institutions with affiliates)
- Sample 3 (for institutions with affiliates, joint marketing, and third party sharing outside of the exceptions)
Ensure Third Parties Abide by Your Privacy Standards

Going Beyond GLB: Medical Privacy & Identity Theft
- Stress The Importance of Keeping Medical Information Confidential
- Be Proactive in Preventing and Resolving Cases of Identity Theft

Training Your Employees
- Implement Privacy Training
- Implement Training on Combating Pretext Calling

Communicating with Customers
- Communicate Your Institution's Policy Toward Privacy
- Communicate the Benefits of Information Sharing

Summary of Gramm-Leach-Bliley Regulation

Summary of Gramm-Leach-Bliley Act Privacy Regulations (Regulation P)

Effective Date

The rule is effective November 13, 2000, but compliance is voluntary until July 1, Financial institutions must provide initial privacy notices to all existing customers by the July 1st date.

Privacy Policy Notices

Financial institutions are required to provide privacy policy notices that clearly and conspicuously, as well as accurately, reflect the institutions' privacy policies and information-sharing practices. The final regulation mandates that the notices include the categories of information collected and disclosed, but institutions do not have to detail every source from which an institution collects personal information. In fact, the categories of information collected may be described in general terms, without specific examples. This will allow community banks, in most instances, to provide short statements and be in full compliance with the rule. Another option for privacy policy disclosure is to post the notice on your website for a customer who obtains the financial product electronically and agrees to receive the notice electronically. The disclosure must be reasonably understandable and designed to call attention to the nature and significance of the information.

How and When to Provide Notices

A current privacy policy notice is required from all institutions, both at the time an individual establishes a customer relationship with the financial institution and annually thereafter as long as the relationship exists. The regulations distinguish between consumers and customers. A customer is defined as a consumer with whom you have a continuing relationship. A customer must receive an initial privacy notice. Consumers, however, do not have a right to a privacy notice unless the institution plans to share that individual's nonpublic personal information with nonaffiliated third parties.
If a financial institution subsequently revises its information-sharing practices, the institution must first provide customers (and consumers whose nonpublic personal information the institution plans to share with nonaffiliated third parties) with its revised privacy policy notice and, if appropriate, a new opt out notice. Separate notices are not required, however, for each new financial product or service if the existing privacy policy notice is accurate for that new product or service.

Nonpublic Personal Information

The rule utilizes new terminology to determine what is protected information. The term nonpublic personal information means any personally identifiable financial information of a customer or consumer. This is an extremely broad term. Any information is considered financial if requested by the institution for the purpose of providing a financial product or service. Also, the fact an individual is or has been a customer of a financial institution is personally identifiable financial information.

Disclosure of Publicly Available Information

Information will be deemed publicly available, and excluded from the definition of nonpublic personal information, if the institution has a reasonable basis to believe that the information is lawfully made available to the general public. An institution will have a reasonable basis for believing that information is lawfully made available if the financial institution has taken steps to determine that the information is of the type that is available to the general public and, if an individual could direct that the information not be made available to the general public, whether the individual has done so.

Opt Out

The ABA was successful in persuading Congress to include a number of exceptions (discussed below) to the privacy portion of the GLB Act that requires institutions to allow customers to opt out of third-party sharing.
For the most part, community financial institutions will not have to offer the opt out because the transfers, if any, will be for traditional business activities and not for marketing purposes. Prior to disclosing a customer's or consumer's nonpublic personal information (not covered by an exception) with nonaffiliated third parties, financial institutions must provide a reasonable means and opportunity to opt out of having information shared, such as a toll-free telephone number. A financial institution, however, may not require a person to write his or her own letter in order to opt out. If a financial institution offers one or more alternative reasonable means to opt out, the institution may require use of one of those methods. A financial institution will need to honor an opt-out request as soon as reasonably practicable.

Exceptions

There are certain exceptions that permit financial institutions to share nonpublic information with third parties without providing privacy opt-out notices. These exceptions include disclosures of nonpublic personal information:
- made in connection with certain processing and servicing transactions;
- with the consent, or at the direction, of a customer or consumer;
- to protect against potential fraud or unauthorized transactions;
- to respond to judicial process;
- to provide the information to an employee of the institution who happens also to be an employee of a nonaffiliated third party.

In addition, the GLB Act provides an exception for products or services provided pursuant to a joint marketing agreement between two or more financial institutions. In order to take advantage of this exception, however, financial institutions must disclose that they share such information and must enter into agreements to maintain the confidentiality of personal information. The last section (page 20) in this tool contains the portion of Regulation P that outlines these exceptions.

Confidentiality, Security, and Integrity

Section 501 of the Act requires the agencies to issue regulations establishing standards governing the administrative, technical and physical safeguards of customer information. The regulatory agencies issued a proposed rule in early June. However, for the required notices, Regulation P clarifies that institutions need only generally describe, in their privacy notices, who has access to the information and the circumstances under which the information may be accessed.

Limits on Reuse of Information

Section 502 of the Act bans the reuse of information by third parties. The agencies decided that no monitoring of reuse by financial institutions would be required since institutions routinely put language in their contracts prohibiting reuse of information. Financial institutions, however, should review their existing contracts with third parties.

Sample Privacy Notices [1]

We have included three sample privacy policy notices below. While many variations of such privacy policy notices are possible, these notices provide examples of the types of notices that financial institutions can consider depending on their information-sharing practices. [2]

For most community banks, Sample 1 will meet your needs. You should, of course, confirm that the language you choose to use matches your specific situation. You could be subject to regulatory action and legal liability if your practices do not match your disclosed policies.

We encourage you to consider offering additional information to customers about your information practices beyond the GLB Act requirements (e.g. medical data protection and identity theft prevention). We also encourage you to educate your customers about your information practices and the importance of responsible use and protection of their financial information. This will help to maintain the tradition of trust that characterizes your institution and our industry. Tools 4 through 6 are designed to assist you in these efforts.

Sample 1
Designed for an institution that:
- Does not have affiliates;
- Does not disclose nonpublic personal information to third parties except as allowed in the law; [3] and
- Has no joint marketing agreements.

Sample 2
Designed for an institution that:
- Has affiliates;
- Does not disclose nonpublic personal information to third parties except as allowed in the law; and
- Has no joint marketing agreements.

Sample 3
Designed for an institution that:
- Has affiliates;
- Discloses information under the service provider/joint marketing opt-out exception; and
- Discloses information to third parties outside the opt-out exceptions.

[1] This section was written by L. Richard Fischer, a partner with Morrison & Foerster, Washington, D.C. Mr. Fischer's practice focuses on financial services law and he is considered the nation's leading expert on financial privacy. Among other publications, Mr. Fischer is the author of the treatise entitled The Law of Financial Privacy, (2d ed.), published by Warren, Gorham & Lamont.

[2] The sample privacy policy notices are based on sample clauses that are contained in Appendix A of the privacy regulations of the federal banking agencies. Institutions may use these sample clauses to meet the Section 503 privacy policy notice obligations.

[3] See the Summary of Gramm-Leach-Bliley Act at the beginning of this tool for a summary of these exceptions (page 4) and see the final section of this tool for the text from the regulators' final rule for the exceptions (page 20).

Sample 1

Designed for an institution that does not have affiliates, does not disclose information outside of the Section 502(e) opt-out exceptions, and has no joint marketing agreements

The sample privacy policy notice contained below is designed primarily for use by community banks to meet the privacy policy notice obligations contained in Section 503 of the Gramm-Leach-Bliley Act. This sample policy is based on three assumptions:
1) Your institution does not have affiliates;
2) Your institution is only disclosing nonpublic personal information to third parties in accordance with the opt out exceptions contained in Section 502(e) of the GLB Act; [4] and
3) Your institution has no joint marketing agreements.

Based on these three assumptions, your institution's privacy policy notice is required to contain an accurate description of the following items of information:
- The categories of nonpublic personal information your institution collects;
- The fact that your institution does not disclose nonpublic personal information about current or former customers to affiliates or nonaffiliated third parties, except as authorized by the Section 502(e) exceptions; and
- Your institution's policies and practices with respect to protecting the confidentiality and security of nonpublic personal information.

Sample 1 of the sample privacy policy notices is designed to meet these obligations. Before using this sample privacy policy notice, you should ensure that the information contained in it is consistent with your institution's actual privacy policies and practices.

[4] See the section in this tool called Exceptions to the Opt-Out Provisions In Gramm-Leach-Bliley (page 20) which contains the parts of the regulations relating to the many exceptions available to the industry.

Sample 1: Sample Privacy Policy Notice

Protecting your privacy is important to [institution name] and our employees. We want you to understand what information we collect and how we use it. In order to provide our customers with a broad range of financial products and services as effectively and conveniently as possible, we use technology to manage and maintain customer information. The following policy serves as a standard for all [institution name] employees for collection, use, retention, and security of nonpublic personal information.

What Information We Collect

We may collect nonpublic personal information about you from the following sources:
- Information we receive from you on applications or other loan and account forms;
- Information about your transactions with us or others; and
- Information we receive from third parties such as credit bureaus.

Nonpublic personal information is nonpublic information about you that we obtain in connection with providing a financial product or service to you. For example, nonpublic personal information includes information regarding your account balance, payment history, and overdraft history.

What Information We Disclose

We are permitted under law to disclose nonpublic personal information about you to other third parties in certain circumstances. For example, we may disclose nonpublic personal information about you to third parties to assist us in servicing your loan or account with us, to government entities in response to subpoenas, and to credit bureaus. We do not disclose any nonpublic personal information about you to anyone, except as permitted by law.

If you decide to close your account(s) or become an inactive customer, we will continue to adhere to the privacy policies and practices described in this notice.

Our Security Procedures

We also take steps to safeguard customer information.
We restrict access to your personal and account information to those employees who need to know that information to provide products or services to you. Employees who violate these standards will be subject to disciplinary measures. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Sample 2

Designed for an institution that has affiliates, shares nonexperience information with them, but does not disclose information outside of the Section 502(e) opt-out exceptions

The sample privacy policy notice presented below is based on the following assumptions:
1) Your institution collects information from its affiliates;
2) Your institution shares nonexperience information (from an application or credit report) with its affiliates and, thus, is required to provide an opt-out notice under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act; and
3) Your institution only discloses nonpublic personal information to affiliates and nonaffiliated third parties in accordance with the opt-out exceptions.

Before using this sample privacy policy notice, you should ensure that the information contained in this sample privacy policy notice is consistent with your institution's actual privacy policies and practices.

Sample 2: Sample Privacy Policy Notice

Protecting your privacy is important to [institution name] and our employees. We want you to understand what information we collect and how we use it. In order to provide our customers with a broad range of financial products and services as effectively and conveniently as possible, we use technology to manage and maintain customer information. The following policy serves as a standard for all [institution name] employees for collection, use, retention, and security of nonpublic personal information.

What Information We Collect

We may collect nonpublic personal information about you from the following sources:
- Information we receive from you on applications or other loan and account forms;
- Information about your transactions with us, our affiliates or others; and
- Information we receive from third parties such as credit bureaus.

Nonpublic personal information is nonpublic information about you that we obtain in connection with providing a financial product or service to you. For example, nonpublic personal information includes information regarding your account balance, payment history, and overdraft history.

What Information We Disclose

We are permitted under law to share information about our experiences or transactions with you or your account (such as your account balance and your payment history with us) with companies related to us by common control or ownership ("affiliates"). We also may share additional information about you or your account (such as information we receive from you in applications and information from credit reporting agencies) with our affiliates. You may direct us not to disclose to our affiliates information that does not relate solely to our or our affiliates' experiences or transactions with you or your account (such as the application information and credit bureau information) by calling us at xxx-xxxx.

We also are permitted under law to disclose nonpublic personal information about you to nonaffiliated third parties (i.e., third parties that are not members of our corporate family) in certain circumstances. For example, we may disclose nonpublic personal information about you to such third parties to assist us in servicing your loan or account with us; to government entities in response to subpoenas; and to credit bureaus. We do not disclose any nonpublic personal information about you to any other third parties, except as permitted by law.

If you decide to close your account(s) or become an inactive customer, we will continue to adhere to the privacy policies and practices described in this notice.

Our Security Procedures

We also take steps to safeguard customer information. We restrict access to your personal and account information to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Sample 3

Designed for an institution that has affiliates, shares nonexperience information with them, has joint marketing agreements, and discloses information outside of the opt-out exceptions

The sample privacy policy notice presented below is based on the following assumptions:
1) Your institution collects information from its affiliates;
2) Your institution shares nonexperience information, such as application information or information from a credit report, with its affiliates and, thus, is required to provide an opt-out notice under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act;
3) Your institution discloses nonpublic personal information for marketing purposes to service providers or to other financial institutions with whom it has joint marketing arrangements; [5] and
4) Your institution discloses nonpublic personal information to affiliates and nonaffiliated third parties outside of the opt-out exceptions.

The following two subsections provide language to modify your policies. Following these subsections, an example of a complete policy that takes these modifications into account is provided.

Subsection 1: For Service Providers/Joint Marketing Exception

If your institution discloses nonpublic personal information for marketing purposes to service providers or to other financial institutions with which it has joint marketing arrangements, you are required (in order to avoid offering an opt out) to include in your privacy policy notice an accurate description of the:
- categories of nonpublic personal information your institution discloses to such entities; and
- categories of third parties under contract with your institution.

To meet this obligation, one of the two following alternatives, as applicable, should be included in your privacy policy notice. Alternative 1 would be used to list the specific categories of information that you disclose; Alternative 2 would be used if you disclose all of the information that you collect.

[5] Under Section 502(b)(2) of the GLB Act, as implemented by Section of the federal regulatory agencies' final privacy regulations.

Alternative 1

We may disclose the following information to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing arrangements:
- Information we receive from you on applications or other forms, such as your name, address, social security number, assets and income;
- Information about transactions with us, [our affiliates] or others, such as your account balance, payment history, parties to transactions and credit card usage; and
- Information we receive from credit bureaus, such as your creditworthiness and your payment history.

Alternative 2

We may disclose all of the information we collect, as described [describe location in the notice, such as "above" or "below"] to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements.

It is important that the alternative you use is consistent with your institution's information disclosure practices.

Subsection 2: For Institutions that Disclose Nonpublic Personal Information Outside the Opt-Out Exceptions

If your institution discloses nonpublic personal information outside of the Section 502(e) opt-out exceptions, you need to include in your privacy policy notice information regarding:
- Categories of nonpublic personal information your institution discloses;
- Categories of parties to whom your institution discloses nonpublic personal information; and
- An explanation of the consumer's right to opt out of the disclosure of nonpublic personal information to nonaffiliated third parties, including the method(s) by which the consumer may exercise that right.

Categories of Nonpublic Personal Information

With respect to the categories of nonpublic personal information that your institution discloses, the final privacy regulations provide that an institution may meet this obligation by including one of the following alternatives, as applicable, in its privacy policy notice. Alternative 1 would be used to list the specific categories of information that you disclose; Alternative 2 would be used if you disclose all of the information that you collect.

Alternative 1

We may disclose the following kinds of nonpublic personal information about you:
- Information we receive from you on applications or other loan and account forms, such as your name, address, social security number, assets and income;
- Information about your transactions with us, [our affiliates] or others, such as your account balance, payment history, parties to transactions, and credit card usage;
- Information we receive from credit bureaus, such as your creditworthiness and your payment history.

Alternative 2

We may disclose all of the information that we collect, as described above [or below].

Again, it is important that the examples included in each of these paragraphs are consistent with the information disclosed to such entities by your institution.

Categories of Parties to Whom the Institution Discloses Nonpublic Personal Information

With respect to the categories of parties to whom the institution discloses nonpublic personal information and the explanation of the opt-out methods, the final privacy regulations provide that an institution may meet these obligations by including the following sample language, as applicable, in its privacy policy notice. [6]

We may disclose nonpublic personal information about you to the following types of third parties:
- Financial service providers, such as [provide illustrative examples, such as "mortgage bankers, securities broker-dealers and insurance agents"];
- Non-financial companies, such as [provide illustrative examples, such as "retailers, direct marketers, airlines and publishers"]; and
- Others, such as [provide illustrative examples, such as "non-profit organizations"].

We also may disclose nonpublic personal information about you to nonaffiliated third parties (i.e., third parties that are not members of our corporate family) as permitted by law.

Before using this sample privacy policy notice, you should ensure that the information contained in it is consistent with your institution's actual privacy policies and practices.

Explanation of the Consumer's Right to Opt Out

The following example is one way to provide an explanation of the consumer's right to opt out of the disclosure of nonpublic personal information to nonaffiliated third parties. Note that you should add a description of the way(s), which must be reasonable, that consumers may exercise their opt-out right.

If you prefer that we not disclose nonpublic personal information about you to nonaffiliated third parties [with respect to this loan or account], you may opt out of those disclosures, that is, you may direct us not to make those disclosures (other than disclosures permitted by law). If you wish to opt out of disclosures to nonaffiliated third parties, you may [describe a reasonable means of opting out, such as "call the following toll-free number: (insert number)"]. [6]

An example of such a privacy policy notice, selecting certain of the alternatives shown above, is contained on the following page.

[6] It should also be noted that the regulations permit several opt out methods in addition to the use of toll-free numbers. For example, you may offer:
- a designated check-off box in a prominent position on the form with the opt out notice;
- a reply form together with the opt out notice; and
- an electronic means to opt out if the consumer agrees to the electronic delivery of information.

Sample 3: Sample Privacy Policy Notice

Protecting your privacy is important to [institution name]. We want you to understand what information we collect and how we use it. In order to provide our customers with a broad range of financial products and services as effectively and conveniently as possible, we use technology to manage and maintain customer information.

What Information We Collect

We may collect nonpublic personal information about you from the following sources:
- Information we receive from you on applications or other loan and account forms;
- Information about your transactions with us, our affiliates or others; and
- Information we receive from third parties such as credit bureaus.

Nonpublic personal information is nonpublic information about you that we obtain in connection with providing a financial product or service to you. For example, nonpublic personal information includes information regarding your account balance, payment history, and overdraft history.

What Information We Disclose

A. We may disclose the following kinds of nonpublic personal information about you:
- Information we receive from you on applications or other loan and account forms, such as your name, address, social security number, assets and income;
- Information about your transactions with us, our affiliates or others, such as your account balance, payment history, parties to transactions, and credit card usage; and
- Information we receive from credit bureaus, such as your creditworthiness and your payment history.

B. We may disclose nonpublic personal information about you to the following types of affiliates (i.e., companies related to us by common control or ownership) and nonaffiliated third parties (i.e., third parties that are not members of our corporate family):
- Financial service providers, such as mortgage bankers, securities broker-dealers and insurance agents;
- Non-financial companies, such as retailers, direct marketers, airlines and publishers; and
- Others, such as non-profit organizations.

If you prefer that we not disclose nonpublic personal information about you to such nonaffiliated third parties [with respect to this loan or account], you may opt out of those disclosures, that is, you may direct us not to make those disclosures (other than disclosures permitted by law). If you wish to opt out of disclosures to nonaffiliated third parties, you may call the following toll-free number: xxx-xxxx.

C. In addition, we may disclose the following information to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing arrangements:
- Information we receive from you on applications or other forms, such as your name, address, social security number, assets and income;
- Information about transactions with us, our affiliates or others, such as your account balance, payment history, parties to transactions and credit card usage; and
- Information we receive from credit bureaus, such as your creditworthiness and your payment history.

D. We also are permitted under law to share information about our experiences or transactions with you or your account (such as your account balance and your payment history with us) with our affiliates. We also may share additional information about you or your account (such as information we receive from you in applications and information from credit reporting agencies) with our affiliates. You may direct us not to disclose to our affiliates information that does not relate solely to our or our affiliates' experiences or transactions with you or your account (such as the application information and credit bureau information) by calling us at xxx-xxxx.

E. We also are permitted under law to disclose nonpublic personal information about you to nonaffiliated third parties in certain other circumstances. For example, we may disclose nonpublic personal information about you to third parties to assist us in servicing your loan or account with us, to government entities in response to subpoenas, and to credit bureaus.

F. If you decide to close your account(s) or become an inactive customer, we will continue to adhere to the privacy policies and practices described in this notice.

Our Security Procedures

We also take steps to safeguard customer information.
We restrict access to your personal and account information to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Some Considerations in Preparing Your Privacy Notice

Consider Making a Timeline

Privacy notices must be sent to your customers no later than July 1, A timeline will help you meet that deadline. There is a lot to do, including a self-assessment of your information practices, drafting your privacy notice that conforms with your practices, involving your board and senior management, training your staff, mailing notices, and establishing procedures to answer customer questions.

Consider Public Versus Nonpublic Information

The law requires protection of personally identifiable financial information, defined as nonpublic personal information if the information is not publicly available information. In general, publicly available information does not have the same protections as nonpublic personal information. The final rule states that information will be deemed to be publicly available if a financial institution has a reasonable basis to believe that the information is lawfully available to the general public. An institution will have a reasonable basis for believing that information is lawfully made available if the financial institution has taken steps to determine that the information is of the type that is available to the general public and, if an individual could direct that the information not be made available to the general public, whether the individual has done so.
Consider The Following Examples of What Constitutes Nonpublic Personal Information

Information a consumer provides on an application to obtain a loan, credit card, other financial product or service;
Account balance information, payment history, overdraft history, and credit or debit card purchase information;
The fact that an individual is or has been a customer or has obtained a financial product or service from your institution;
Information about your customer that, if disclosed, would indicate that the individual is or has been your customer;
Any information that a customer provides to you or that you or your agent otherwise obtain in connection with collection on a loan or servicing a loan;
Any information you collect through an Internet cookie; and
Information from a credit report.

Note: Aggregate data that do not contain personal identifiers are not considered nonpublic personal information.

Consider Customer Versus Consumer

The final rule makes a distinction between a consumer and a customer. A consumer is an individual who obtains or has obtained a financial product or service from you that is used primarily for personal, family or household purposes. A customer is defined as a consumer with whom you have a continuing relationship. It is important to note that a consumer is not considered a customer when obtaining a product or service in isolated transactions, such as an ATM transaction or cashing checks for a non-account holder. The distinction is important. You do not have to provide consumers notices unless you disclose that consumer's nonpublic personal information, while you must provide customers an initial notice of your privacy policy and a notice annually thereafter throughout the duration of the customer relationship.

Consider Inactive Accounts

Institutions do not have to provide annual notices to former customers. The final rule offers examples of such terminations, including a consecutive 12-month period without communications other than annual privacy notices and promotional material. The term inactive replaced the term dormant in the final rule. The characterization of an account as inactive should eliminate any potential confusion with various state law interpretations of what constitutes dormant status and is consistent with the industry position that an institution's policy should control when an account becomes inactive.

Consider Reviewing the Exceptions For Third-party Arrangements to Make Sure You Have Acceptable Outsourcing Arrangements

Most community institutions meet the exceptions for third-party arrangements, so they do not have to provide opt out notices. It's a good idea to review each outsourcing arrangement so that you can show the regulators that you meet the exceptions.

Consider Adding Your Privacy Notice to Your Website

The final rule permits use of an institution's Website, with customer consent, for delivering the privacy and opt-out notices, but the notices must be clearly and conspicuously posted. This is different from an Internet policy that covers only what an institution may capture from Internet users. Check with your information security personnel before posting on the web.

Sample Privacy Language for Third-Party Contractors 7

As part of the Gramm-Leach-Bliley Act, Congress enacted a limit on the reuse and redisclosure of information covered by the rule. The agencies also contemplated, but rejected, a requirement that institutions monitor third-party use of nonpublic personal information provided by the institutions. In keeping with the industry mission of advancing the cause of maintaining the trust of our customers, ABA urges institutions to require third parties to keep information confidential. The following are sample paragraphs that you can use in third-party agreements.

Sample 1

Confidential Information. Contractor agrees that all information received by Contractor from [Institution Name] or from any other source on [Institution Name]'s behalf is Confidential Information and shall be maintained in confidence and not disclosed, used or duplicated, except as described in this paragraph. Confidential Information includes, without limitation, all lists of customers, former customers, applicants and prospective customers and all information relating to and identified with such persons; business volumes or usage; financial information; pricing information; software, software documentation; and information concerning business plans or business strategy. Contractor may use Confidential Information only in connection with performance under this Agreement, and Contractor shall not copy Confidential Information or disclose Confidential Information to any third person, including employees of Contractor who do not need Confidential Information in order to perform under this Agreement. Confidential Information shall be returned to [Institution Name] or destroyed upon request of [Institution Name] once the services contemplated by this Agreement have been completed.
Contractor shall not advertise, market or otherwise make known to others any information relating to the subject matter of this Agreement, including mentioning or implying the name of [Institution Name]. If Contractor proposes to disclose Confidential Information to a third party in order to perform under this Agreement, Contractor must first obtain the consent of [Institution Name] to make such disclosure and Contractor must enter into a confidentiality agreement with such third party under which that third party would be restricted from disclosing, using or duplicating such Confidential Information, except as consistent with this paragraph. If requested by [Institution Name], any employee, representative, agent or subcontractor of Contractor's shall enter into a non-disclosure agreement with [Institution Name] to protect the Confidential Information of Institution satisfactory to [Institution Name]. A breach by Contractor of its confidentiality obligations or the use by Contractor of [Institution Name]'s name without prior consent may cause [Institution Name] to suffer irreparable harm in an amount not easily ascertained. Contractor agrees that any breach resulting from gross negligence, whether threatened or actual, will give [Institution Name] the right to terminate this Agreement immediately, obtain equitable relief, i.e., obtain an injunction to restrain such disclosure or use, and pursue all other remedies [Institution Name] may have at law or in equity. The provisions of this section shall survive the termination of this Agreement.

7 It is important that your legal counsel review the language to assure that it is consistent with your specific institution's circumstances.

Sample 2

Contractor acknowledges that all information and documents disclosed by [Institution Name] to Contractor, or which come to Contractor's attention during the course of its performance of Services under this Agreement, constitute valuable assets of and are proprietary to [Institution Name], and also acknowledges that [Institution Name] has a responsibility to its customers and employees to keep [Institution Name] records and information confidential and proprietary.

Sample 3

Contractor shall establish and maintain policies and procedures designed to insure the confidentiality of the customer information (non-public personal information). Among other things, the Contractor acknowledges that it is against federal law to disclose non-public personal information received from a financial institution under certain circumstances. Therefore, Contractor agrees not to disclose, either directly or indirectly, to any person, firm or corporation information of any kind, nature or description concerning matters affecting or relating to the business of [Institution Name] unless the information is already in the public domain. This provision shall survive termination of this Agreement.

Exceptions to the Opt-Out Provisions in Gramm-Leach-Bliley

The provisions in the GLB Act that address the sharing of information with third parties are perhaps the most important ones contained in the Act. Community financial institutions, in order to remain competitive, must sometimes share information outside their family of companies for a variety of purposes, including the need to offer a broad range of products and services. The American Bankers Association worked extremely hard to ensure that most smaller institutions would not be required to provide opt-out notices. The following opt out exceptions taken directly from Regulation P permit financial institutions to share nonpublic information with third parties without providing privacy opt out notices.

Subpart C Exceptions

Exception to opt out requirements for service providers and joint marketing.

(a) General rule.
(1) The opt out requirements in and do not apply when you provide nonpublic personal information to a nonaffiliated third party to perform services for you or functions on your behalf, if you:
(i) Provide the initial notice in accordance with 216.4; and
(ii) Enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information, including use under an exception in or in the ordinary course of business to carry out those purposes.
(2) Example. If you disclose nonpublic personal information under this section to a financial institution with which you perform joint marketing, your contractual agreement with that institution meets the requirements of paragraph (a)(1)(ii) of this section if it prohibits the institution from disclosing or using the nonpublic personal information except as necessary to carry out the joint marketing or under an exception in or in the ordinary course of business to carry out that joint marketing.
(b) Service may include joint marketing. The services a nonaffiliated third party performs for you under paragraph (a) of this section may include marketing of your own products or services or marketing of financial products or services offered pursuant to joint agreements between you and one or more financial institutions.
(c) Definition of joint agreement. For purposes of this section, joint agreement means a written contract pursuant to which you and one or more financial institutions jointly offer, endorse, or sponsor a financial product or service.

Exceptions to notice and opt out requirements for processing and servicing transactions.

(a) Exceptions for processing transactions at consumer's request. The requirements for initial notice in 216.4(a)(2), for the opt out in and , and for service providers and joint marketing in do not apply if you disclose nonpublic personal information as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with:
(1) Servicing or processing a financial product or service that a consumer requests or authorizes;
(2) Maintaining or servicing the consumer's account with you, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or
(3) A proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer.
(b) Necessary to effect, administer, or enforce a transaction means that the disclosure is:

(1) Required, or is one of the lawful or appropriate methods, to enforce your rights or the rights of other persons engaged in carrying out the financial transaction or providing the product or service; or
(2) Required, or is a usual, appropriate or acceptable method:
(i) To carry out the transaction or the product or service business of which the transaction is a part, and record, service, or maintain the consumer's account in the ordinary course of providing the financial service or financial product;
(ii) To administer or service benefits or claims relating to the transaction or the product or service business of which it is a part;
(iii) To provide a confirmation, statement, or other record of the transaction, or information on the status or value of the financial service or financial product to the consumer or the consumer's agent or broker;
(iv) To accrue or recognize incentives or bonuses associated with the transaction that are provided by you or any other party;
(v) To underwrite insurance at the consumer's request or for reinsurance purposes, or for any of the following purposes as they relate to a consumer's insurance: account administration, reporting, investigating, or preventing fraud or material misrepresentation, processing premium payments, processing insurance claims, administering insurance benefits (including utilization review activities), participating in research projects, or as otherwise required or specifically permitted by Federal or State law; or
(vi) In connection with:
(A) The authorization, settlement, billing, processing, clearing, transferring, reconciling or collection of amounts charged, debited, or otherwise paid using a debit, credit, or other payment card, check, or account number, or by other payment means;
(B) The transfer of receivables, accounts, or interests therein; or
(C) The audit of debit, credit, or other payment information.

Other exceptions to notice and opt out requirements.
(a) Exceptions to opt out requirements. The requirements for initial notice in 216.4(a)(2), for the opt out in and , and for service providers and joint marketing in do not apply when you disclose nonpublic personal information:
(1) With the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction;
(2)(i) To protect the confidentiality or security of your records pertaining to the consumer, service, product, or transaction;
(ii) To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;
(iii) For required institutional risk control or for resolving consumer disputes or inquiries;
(iv) To persons holding a legal or beneficial interest relating to the consumer; or
(v) To persons acting in a fiduciary or representative capacity on behalf of the consumer;
(3) To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating you, persons that are assessing your compliance with industry standards, and your attorneys, accountants, and auditors;
(4) To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C et seq.), to law enforcement agencies (including a federal functional regulator, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21 (Financial Recordkeeping), a State insurance authority, with respect to any person domiciled in that insurance authority's State that is engaged in providing insurance, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;
(5)(i) To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C et seq.), or
(ii) From a consumer report reported by a consumer reporting agency;
(6) In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; or
(7)(i) To comply with Federal, State, or local laws, rules and other applicable legal requirements;
(ii) To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local authorities; or
(iii) To respond to judicial process or government regulatory authorities having jurisdiction over you for examination, compliance, or other purposes as authorized by law.
(b) Examples of consent and revocation of consent.
(1) A consumer may specifically consent to your disclosure to a nonaffiliated insurance company of the fact that the consumer has applied to you for a mortgage so that the insurance company can offer homeowner's insurance to the consumer.
(2) A consumer may revoke consent by subsequently exercising the right to opt out of future disclosures of nonpublic personal information as permitted under 216.7(f).


A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register

More information

CREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C. 1679 et. seq.

CREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C. 1679 et. seq. CREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C. 1679 et. seq. Please note that the information contained herein should not be construed as legal advice and is intended for informational purposes only. In addition,

More information

(1) ECMC has obtained substantial private student loan debt relief for current and former Corinthian students.

(1) ECMC has obtained substantial private student loan debt relief for current and former Corinthian students. February 2, 2015 Hon. Richard Cordray Director Consumer Financial Protection Bureau 1700 G St. NW Washington, DC 20552 RE: ECMC Group, Inc. s purchase of certain Corinthian Colleges, Inc. assets Dear Director

More information

AIG INSURANCE COMPANY OF CANADA Privacy Principles

AIG INSURANCE COMPANY OF CANADA Privacy Principles AIG and Individual Privacy We at AIG Insurance Company of Canada (referred to as AIG, we, our, or us ) abide by these and want you, our applicants, policyholders, insureds, claimants, and any other individuals

More information

Reverse Mortgage Specialist

Reverse Mortgage Specialist ADVISOR/LENDER APPLICANT ASSISTANCE AGREEMENT This ADVISOR/LENDER APPLICANT ASSISTANCE AGREEMENT (the Agreement ) is made this day of, 200_ by and between Oaktree Funding Corporation, a California Corporation

More information

Analysis of the California Financial Information Privacy Act ( SB1 ) by Leland Chan, General Counsel California Bankers Association

Analysis of the California Financial Information Privacy Act ( SB1 ) by Leland Chan, General Counsel California Bankers Association Analysis of the California Financial Information Privacy Act ( SB1 ) by Leland Chan, General Counsel California Bankers Association The California Financial Information Privacy Act ( SB1 ) 1 was signed

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter Agreement ) is between COVERED ENTITY NAME (hereinafter Covered Entity ) and BUSINESS ASSOCIATE NAME (hereinafter Business

More information

GENERAL AGENT AGREEMENT

GENERAL AGENT AGREEMENT Complete Wellness Solutions, Inc. 6338 Constitution Drive Fort Wayne, Indiana 46804 GENERAL AGENT AGREEMENT This Agreement is made by and between Complete Wellness Solutions, Inc. (the Company ) and (the

More information

Appendix : Business Associate Agreement

Appendix : Business Associate Agreement I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,

More information

Fair Credit Reporting

Fair Credit Reporting Fair Credit Reporting Background The Fair Credit Reporting Act (FCRA) deals with the rights of consumers in relation to their credit reports and the obligations of credit reporting agencies and the businesses

More information

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law. HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial

More information

How To Comply With The Federal Consumer Reporting Act

How To Comply With The Federal Consumer Reporting Act Fair Credit Reporting Act 1 The Fair Credit Reporting Act (FCRA) 2 became effective on April 25, 1971. The FCRA is a part of a group of acts contained in the Federal Consumer Credit Protection Act 3 such

More information

2480a. Definitions. 2480b. Disclosures to consumers

2480a. Definitions. 2480b. Disclosures to consumers Vermont Statutes Annotated Title 9 Commerce and Trade Part 3 0 Sales, Assignments and Secured Transactions Chapter 63 Consumer Fraud Subtitle 3 Fair Credit Reporting 2480a. Definitions For purposes of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement User of any Nemaris Inc. (Nemaris) products or services including but not limited to Surgimap Spine, Surgimap ISSG, Surgimap SRS, Surgimap Office, Surgimap Ortho, Surgimap

More information

Agreement For Trainee Position At [Company Name]

Agreement For Trainee Position At [Company Name] Agreement For Trainee Position At [Company Name] Purpose The purpose of the Trainee Agreement is to identify the skill, trade or occupation for which the trainee is being trained and confirm the qualifying

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 2014 (the Effective Date ), by and between (a) GI Quality Improvement Consortuim,

More information

Corporate Governance. Document Request List Funds

Corporate Governance. Document Request List Funds Document Request List Funds Please provide documents noted below, as applicable, in English. For new funds or existing funds where requested documents are currently being developed, please provide draft

More information

CUSTOMER LIST PURCHASE AGREEMENT BY AND BETWEEN RICHARD PENNER SELLER. and S&W SEED COMPANY BUYER

CUSTOMER LIST PURCHASE AGREEMENT BY AND BETWEEN RICHARD PENNER SELLER. and S&W SEED COMPANY BUYER EXHIBIT 10.1 CUSTOMER LIST PURCHASE AGREEMENT BY AND BETWEEN RICHARD PENNER as SELLER and S&W SEED COMPANY as BUYER CUSTOMER LIST PURCHASE AGREEMENT THIS CUSTOMER LIST PURCHASE AGREEMENT ( Agreement )

More information

PRIVACY POLICY. www.haiti-now.org -- PO Box 190 662 Miami Beach, FL 33139 -- Tel. +1 786-664- 7747

PRIVACY POLICY. www.haiti-now.org -- PO Box 190 662 Miami Beach, FL 33139 -- Tel. +1 786-664- 7747 PRIVACY POLICY This Privacy Policy sets forth the policies of Ayiti Now Corp ("ANC") with respect to nonpublic information you provide to us through this web site (the "Site"). These policies may be changed

More information

The New Federal F i n a n c i a l Privacy Law. A Comprehensive Approach That Should be Given Time to Wo r k

The New Federal F i n a n c i a l Privacy Law. A Comprehensive Approach That Should be Given Time to Wo r k The New Federal F i n a n c i a l Privacy Law A Comprehensive Approach That Should be Given Time to Wo r k This booklet provides an overview of the comprehensive new federal financial privacy law that

More information

UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION

UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION ) In the Matter of ) FILE NO. ) ACRAnet, INC., ) AGREEMENT CONTAINING a corporation. ) CONSENT ORDER ) ) The Federal Trade Commission ( Commission ) has

More information

1. LIMITATIONS ON ACCESS TO, OR DISCLOSURE OF, PERSONALLY IDENTIFIABLE INFORMATION.

1. LIMITATIONS ON ACCESS TO, OR DISCLOSURE OF, PERSONALLY IDENTIFIABLE INFORMATION. MODEL MASSACHUSETTS PRIVACY LEGISLATION 1 1. LIMITATIONS ON ACCESS TO, OR DISCLOSURE OF, PERSONALLY IDENTIFIABLE INFORMATION. (A) AUTHORIZED REPRESENTATIVES. 2 The Department of Elementary and Secondary

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) THIS AGREEMENT is entered into and made effective the day of, 2012 (the Effective Date ), by and between (a)

More information

Protecting your privacy

Protecting your privacy Protecting your privacy Table of Contents Answering your questions about privacy Your privacy... 1 Your consent... 1 Answering your questions about privacy... 2 About cookies... 9 Behavioural Advertising/Online

More information

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES. FIFTH AMENDMENT TO 11 NYCRR 20 (INSURANCE REGULATIONS 9, 18 and 29) BROKERS AND AGENTS GENERAL

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES. FIFTH AMENDMENT TO 11 NYCRR 20 (INSURANCE REGULATIONS 9, 18 and 29) BROKERS AND AGENTS GENERAL NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES FIFTH AMENDMENT TO 11 NYCRR 20 (INSURANCE REGULATIONS 9, 18 and 29) BROKERS AND AGENTS GENERAL FIFTH AMENDMENT TO 11 NYCRR 29 (INSURANCE REGULATION 87) SPECIAL

More information

Iowa Student Loan Online Privacy Statement

Iowa Student Loan Online Privacy Statement Iowa Student Loan Online Privacy Statement Revision date: Jan.6, 2014 Iowa Student Loan Liquidity Corporation ("Iowa Student Loan") understands that you are concerned about the privacy and security of

More information

NorthStar Alarm Services. Website Privacy Policy

NorthStar Alarm Services. Website Privacy Policy NorthStar Alarm Services Website Privacy Policy NorthStar Alarm Services ( NorthStar ) values your privacy. To that end, we strive to provide a safe, secure online user experience for you. In this Privacy

More information

Schedule 14 CDS Data Center Hosting Agreement

Schedule 14 CDS Data Center Hosting Agreement Schedule 14 This Hosting Agreement ( Agreement ) for the Central Data System is made as of, 2012 (the Effective Date ) by and between the Washington Metropolitan Area Transit Authority (the "Authority"

More information

16 LC 37 2118ER A BILL TO BE ENTITLED AN ACT BE IT ENACTED BY THE GENERAL ASSEMBLY OF GEORGIA:

16 LC 37 2118ER A BILL TO BE ENTITLED AN ACT BE IT ENACTED BY THE GENERAL ASSEMBLY OF GEORGIA: Senate Bill 347 By: Senator Bethel of the 54th A BILL TO BE ENTITLED AN ACT 1 2 3 4 5 6 To amend Title 33 of the Official Code of Georgia Annotated, relating to insurance, so as to provide for extensive

More information

Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection

Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection (7 U.S.C. 26) i 26. Commodity whistleblower incentives and protection (a) Definitions. In this section: (1) Covered

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

June 16, 2014. Periodic Mortgage Statements for Bankruptcy-Protected Debtors

June 16, 2014. Periodic Mortgage Statements for Bankruptcy-Protected Debtors June 16, 2014 The Honorable Richard Cordray Director Consumer Financial Protection Bureau 1700 G Street, N.W. Washington, D.C. 20552 Re: Periodic Mortgage Statements for Bankruptcy-Protected Debtors Dear

More information

3. "Consumer reporting agency" has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f).

3. Consumer reporting agency has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f). Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. The terms and conditions of this document entitled Business Associate Agreement ( Business Associate Agreement ), shall be attached to and incorporated by reference in the

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is effective September 1, 2013 and made between Community Health Solutions of America, Inc., a Florida corporation ( CHS ) and ( Company ).

More information

NSW Self Insurance Corporation Amendment (Home Warranty Insurance) Act 2010 No 30

NSW Self Insurance Corporation Amendment (Home Warranty Insurance) Act 2010 No 30 New South Wales NSW Self Insurance Corporation Amendment (Home Warranty Insurance) Contents Page 1 Name of Act 2 2 Commencement 2 Schedule 1 Amendment of NSW Self Insurance Corporation Act 2004 No 106

More information

Subtitle B Increasing Regulatory Enforcement and Remedies

Subtitle B Increasing Regulatory Enforcement and Remedies H. R. 4173 466 activities and evaluates the effectiveness of the Ombudsman during the preceding year. The Investor Advocate shall include the reports required under this section in the reports required

More information

All travel must be booked in the applicable class of service for discounts to apply.

All travel must be booked in the applicable class of service for discounts to apply. Updated March 2015 CORPORATE FARE TERMS & CONDITIONS The following terms and conditions govern the Corporate Fare Agreement. It is the Purchaser s responsibility to read and understand all the terms and

More information

THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE

THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE FORWARD I am pleased to introduce the mission and authorities of the Office of Inspector General for the Farm Credit Administration. I hope this

More information

Kaiser Permanente Affiliate Link Provider Web Site Application

Kaiser Permanente Affiliate Link Provider Web Site Application Kaiser Foundation Health Plan of Colorado Kaiser Permanente Affiliate Link Provider Web Site Application FOR PROVIDERS CONTRACTED WITH KAISER IN THE COLORADO REGION ONLY Page 1 of 7 Kaiser Permanente Affiliate

More information

SENATE DOCKET, NO. 176 FILED ON: 1/14/2015. SENATE... No. 226. The Commonwealth of Massachusetts PRESENTED BY: Marc R. Pacheco

SENATE DOCKET, NO. 176 FILED ON: 1/14/2015. SENATE... No. 226. The Commonwealth of Massachusetts PRESENTED BY: Marc R. Pacheco SENATE DOCKET, NO. 176 FILED ON: 1/14/2015 SENATE.............. No. 226 The Commonwealth of Massachusetts PRESENTED BY: Marc R. Pacheco To the Honorable Senate and House of Representatives of the Commonwealth

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their

More information

FORTUNA SILVER MINES INC. (the "Company")

FORTUNA SILVER MINES INC. (the Company) FORTUNA SILVER MINES INC. (the "Company") BLACKOUTS AND SECURITIES TRADING POLICY The Company encourages all employees, officers and directors to become shareholders of the Company on a long-term investment

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Addendum is made part of the agreement between Boston Medical Center ("Covered Entity ) and ( Business Associate"), dated [the Underlying Agreement ]. In connection with

More information

CBIA Service Corporation Privacy and Security Notice

CBIA Service Corporation Privacy and Security Notice July 1, 2012 CBIA Service Corporation Privacy and Security Notice THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA) Sí necesita ayuda para traducir esta información, por favor comuníquese con el departamento de Servicios a miembros de Highmark Delaware al número al réves de su tarjeta de identificación de Highmark Delaware.

More information

PRIVACY AND SECURITY POLICY

PRIVACY AND SECURITY POLICY assess, align, achieve PRIVACY AND SECURITY POLICY ath Power Consulting is a professional market research and consulting firm. We are committed to maintaining the privacy of our website users, clients,

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information