As advances in technology continue to be made, concern for consumer privacy and protection grows. The Gramm-Leach-Bliley Act, Regulation P - Privacy of Consumer Financial Information, and the Dodd-Frank Act are just two of various means established to protect consumer privacy. It is essential for the topic of consumer privacy to be addressed by every business.
The following agencies, federal offices, and/or entities require implementation of this manual:
- Consumer Financial Protection Bureau
- Fannie Mae
- Freddie Mac
- Federal Trade Commission
The policy features the following benefits:
- Supports strong operational practices and preparedness
- Explains roles and responsibilities
- Meets regulatory or internal compliance requirements
- Provides Example Forms, including variations on the Consumer Opt-Out Forms
Maintenance: Receive regular and ongoing industry updates to keep your policy within regulatory requirements.
Publishing: Publish your manual, including your company procedures, in AllRegs Online to complete your policy manual solution.
Contact your account manager for information regarding these optional services!
|1.1||Goals and Objectives||Mandatory Review||Include the point of view or culture of your organization in this section, if applicable.|
|1.2||Required Review||Mandatory Review||Be sure this accurately reflects your company’s annual policy review process.|
|2.1||Internal Controls||Mandatory Review||Include or reference related procedures in this section.|
|3||Staff and Training||Mandatory Review||Include the means by which your organization provides and tracks required training.|
|4.1||State Compliance||Recommended Best Practice||Determine if your organization is subject to more restrictive requirements as imposed by the states in which you do business.|
|4.8.1||Electronic Delivery of Privacy and Opt-Out Notices||Mandatory Review||If your organization does not deliver notices electronically, you should consider noting that or remove the section.|
|4.9.4||Exceptions for Annual Notice||Recommended Best Practice||Consider if your organization may make use of the exception as permitted by CFPB.|
|6.2||Fannie Mae Requirements||Recommended Best Practice||If you do not sell to Fannie Mae, you may wish to remove these Fannie Mae requirements for safeguarding consumer information.|
|6.2.1||Obligations for a Data Breach Incident||Recommended Best Practice||Procedures for managing data breaches must be in place for Fannie Mae Seller/Servicers. You may remove this section if you do not sell to Fannie Mae.|
|9||Administrative Access Control||Optional Enhancement||This section references responsibilities of the compliance officer and the chief security officer. If you use different job titles, you should update these references.|
|12||Document Destruction||Optional Enhancement||There is a reference to your security officer. If you use a different job title, you should update this reference.|
|13||Model Forms||Optional Enhancement||Consider replacing these sample forms with the forms currently in use by your organization.|