- This topic has 2 replies, 3 voices, and was last updated 3 years ago by
.
-
Posts
-
1. Would an appraisal the bank obtained for a consumer loan application be included under Reg P’s definition of personally identifiable information that the bank must keep secure and private? Seems like it would fall under 1016.3(q)(1) Any Information – (iii) You otherwise obtain about a consumer in connection with providing a financial product or service to that consumer.
2. Would an employee e-mailing an appraisal using their personal e-mail account constitute a violation of P? (while the bank has e-mail encryption for work e-mail accounts, the bank would not know the extent of the security or lack thereof for an employee’s personal e-mail)
Yes, I believe it would be considered personally identifiable information. Reg P, 1016.3(q)(2) states examples of non-public personal information as:
(2) Examples. (i) Information included. Personally identifiable financial information includes:
(A) Information a consumer provides to you on an application to obtain a loan, a credit card, a credit union membership, or other financial product or service;
(B) Account balance information, payment history, overdraft history, and credit or debit card purchase information;
(C) The fact that an individual is or has been one of your customers or has obtained a financial product or service from you;
(D) Any information about your consumer if it is disclosed in a manner that indicates that the individual is or has been your consumer;
(E) Any information that a consumer provides to you or that you or your agent otherwise obtain in connection with collecting on, or servicing, a loan or a credit account;
(F) Any information you collect through an internet “cookie” (an information collecting device from a Web server); and
(G) Information from a consumer report.
Also consider FFIEC information security requirements. Here’s a link to electronic transmission of information.
https://ithandbook.ffiec.gov/it-booklets/information-security/ii-information-security-program-management/iic-risk-mitigation/iic13-control-of-information/iic13(b)-electronic-transmission-of-information.aspx
- You must be logged in to reply to this topic.