Fair Credit Reporting: III. CUSTOMER NOTICE

Financial institutions have an affirmative duty to protect their customers’ information against unauthorized access or use. Notifying customers of a security incident involving the unauthorized access or use of the customer’s information in accordance with the standard set forth below is a key part of that duty. Timely notification of customers is important to manage an institution’s reputation risk.

Fair Credit Reporting: Amendment History

[63 Fed. Reg. 55,484, 55,486 (Oct. 15, 1998); 64 Fed. Reg. 66,706 (Nov. 29, 1999); 66 Fed. Reg. 8638 (Feb. 1, 2001); 69 Fed. Reg. 77,610 (Dec. 28, 2004); 70 Fed. Reg. 15,736 (Mar. 29, 2005); 71 Fed. Reg. 5780 (Feb. 3, 2006)]

Fair Credit Reporting: 12 C.F.R. Appendix B to Part 570 [Removed]

[63 Fed. Reg. 55,484, 55,486 (Oct. 15, 1998); 64 Fed. Reg. 66,706 (Nov. 29, 1999); 66 Fed. Reg. 8640 (Feb. 1, 2001); 69 Fed. Reg. 77,610 (Dec. 28, 2004); 70 Fed. Reg. 15,736 (Mar. 29, 2005); 71 Fed. Reg. 5780 (Feb. 3, 2006); 82 Fed. Reg. 47,084 (Oct. 11, 2017)]

Fair Credit Reporting: 12 C.F.R. § 748.0 Security program.

(a) Each federally insured credit union will develop a written security program within 90 days of the effective date of insurance.

(b) The security program will be designed to:

(1) Protect each credit union office from robberies, burglaries, larcenies, and embezzlement;

Fair Credit Reporting: TABLE OF CONTENTS

I. Introduction

A. Scope

B. Definitions

II. Guidelines for Safeguarding Member Information

A. Information Security Program

B. Objectives

III. Development and Implementation of Member Information Security Program

A. Involve the Board of Directors

B. Assess Risk

C. Manage and Control Risk

D. Oversee Service Provider Arrangements

E. Adjust the Program

F. Report to the Board

Fair Credit Reporting: I. INTRODUCTION

The Guidelines for Safeguarding Member Information (Guidelines) set forth standards pursuant to sections 501 and 505(b), codified at 15 U.S.C. 6801 and 6805(b), of the Gramm-Leach-Bliley Act. These Guidelines provide guidance standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of member information. These Guidelines also address standards with respect to the proper disposal of consumer information pursuant to sections 621(b) and 628 of the Fair Credit Reporting Act (15 U.S.C.

Fair Credit Reporting: II. STANDARDS FOR SAFEGUARDING MEMBER INFORMATION

A. Information Security Program. A comprehensive written information security program includes administrative, technical, and physical safeguards appropriate to the size and complexity of the credit union and the nature and scope of its activities. While all parts of the credit union are not required to implement a uniform set of policies, all elements of the information security program must be coordinated.

Fair Credit Reporting: III. DEVELOPMENT AND IMPLEMENTATION OF MEMBER INFORMATION SECURITY PROGRAM

A. Involve the Board of Directors. The board of directors or an appropriate committee of the board of each credit union should:

1. Approve the credit union’s written information security policy and program; and

2. Oversee the development, implementation, and maintenance of the credit union’s information security program, including assigning specific responsibility for its implementation and reviewing reports from management.

Fair Credit Reporting: Amendment History

[66 Fed. Reg. 8161 (Jan. 30, 2001); 69 Fed. Reg. 69,269 (Nov. 29, 2004); 77 Fed. Reg. 71,085 (Nov. 29, 2012); 78 Fed. Reg. 32,545 (May 31, 2013); 84 Fed. Reg. 1609 (Feb. 5, 2019)]

Fair Credit Reporting: I. Background

This appendix provides guidance on NCUA’s Security Program, Suspicious Transactions, Catastrophic Acts, Cyber Incidents, and Bank Secrecy Act Compliance regulation, interprets section 501(b) of the Gramm-Leach-Bliley Act (“GLBA”) and describes response programs, including member notification procedures, that a federally insured credit union should develop and implement to address unauthorized access to or use of member information that could result in substantial harm or inconvenience to a member.

Fair Credit Reporting: II. Response Program

i. Millions of Americans, throughout the country, have been victims of identity theft. Identity thieves misuse personal information they obtain from a number of sources, including credit unions, to perpetrate identity theft. Therefore, credit unions should take preventative measures to safeguard member information against such attempts to gain unauthorized access to the information.

Fair Credit Reporting: III. Member Notice

i. Credit unions have an affirmative duty to protect their members’ information against unauthorized access or use. Notifying members of a security incident involving the unauthorized access or use of the member’s information in accordance with the standard set forth below is a key part of that duty.

Fair Credit Reporting: G.4 Sample Opt-Out Notices

This appendix section reprints the sample clauses that the CFPB has designated as meeting the opt-out notice requirements of the Gramm-Leach-Bliley Act and its regulations. Regulated institutions do not have to use these clauses, however.

Fair Credit Reporting: E.1 Introduction

The full text of FTC Staff Opinion Letters can be found online as companion material to this treatise, under “Primary Sources.” Search tips to pinpoint the appropriate letter on the website are set out below.

Fair Credit Reporting: E.3.1 Overview

The informal opinion letters listed in this index were mostly written by FTC staff in response to written inquiries from consumer reporting agencies, creditors and other users of consumer reports, and consumers. The letters are informal; they are not approved by the FTC Commissioners and they are not formal advisory opinions. They are not even interpretations of an FTC regulation, but of the statute itself. As such, they are not entitled to formal deference by a court of law.

Fair Credit Reporting: FCRA § 603d, 15 U.S.C. § 1681a Definition of “Consumer Report”

Carson (Mar. 20, 1971)

Conway (Mar. 30, 1971)

Silbergeld (Apr. 1, 1971)

Carson (Apr. 8, 1971)

Feldman (Apr. 15, 1971)

Kahn (Apr. 27, 1971)

Feldman (May 5, 1971)

Wan (June 2, 1971)

Goldfarb (June 16, 1971)

Feldman (July 15, 1971)

Carson (Sept. 1, 1972)

Russell (Jan. 30, 1973)

Wan (May 25, 1973)

Grimes (July 5, 1973)

Wan (July 5, 1973)

Grimes (Sept. 5, 1973)

Russell (Sept. 26, 1973)

Russell (Sept. 27, 1973)

Conway (Dec. 3, 1973)

Russell (Dec. 3, 1973)