Dairyman's
State Bank
From: Nancy Carli
Sent: Thursday, August 05, 2004 9:28 AM
To: regs.comments@federalreserve.gov; Comments; regs.comments@occ.treas.gov;
regs.comments@ots.treas.gov
Subject: EGRPRA-Privacy of Consumer Financial Information/Safeguarding Customer
Information
I believe both of the subjects listed are included in Information Security, which
has become an extremely cumbersome area. We are a small bank, under
$100 million. We do not share customer information. Period. But with
regulators wanting us to document how we don’t give out customer
information, perform annual (or more frequent) risk assessments showing
how we don’t give out customer information, testing our procedures
to prove we don’t give out customer information, developing
written policies stating that we don’t give out customer information,
and repeatedly training our already well-seasoned staff not to give
out customer information is getting burdensome, time consuming, and
redundant.
I believe that, since we do not share information in any way that a customer
could opt out of, we should be able to give the customer a notice when we open
an account telling them our privacy policy and not have to continually send
annual notices. I believe those are a waste of time and money; most customers
just toss them in the garbage without even reading them, since they get so
many from their other institutions.
I believe we should have a privacy program, an information security program,
OR a risk assessment; not all three. Information security and risk are already
covered by a number of other bank policies like its Information Technology
Policy, Security Policy, Disaster Recovery, etc. However, examiners are insisting
that we reiterate the bank’s practices in yet another policy/program.
Our employees are informed that they must adhere to bank policies or they could
be penalized or fired. I feel that additional testing is not worth the time.
I know these measures have come about to attempt to address identity theft,
but I don’t think this will prevent it from happening. I can test all
of my employees today, and they will do their jobs correctly and protect the
customer’s privacy, then tomorrow they could get a call and let slip
some information. We may never give out a customer’s information, but
when the customer does, and they become victims of identity theft, it somehow
becomes our fault.
Each of my staff attends several training seminars outside of the bank each
year. Each of these seminars, regardless of topic, addresses customer information
privacy. I discuss with each of my departments the need for customer privacy
during the year. I feel that the requirement of annual training besides all
this other information is too much.
Nancy Carli
Compliance Officer
Dairyman's State Bank
135 S. Main St.
Clintonville, WI 54929