Privacy and Security of Customer Information: Requirements and An Effective Bank Compliance Program (3 Sessions)
02-04 to 02-06-2024 1:00 PM EST.
Financial institutions are required by federal and state law to protect the privacy and security of their customers' personal information. As a number of departments throughout a bank routinely collect and retain customer information as part of their normal business operations, protecting the privacy and security of customer information is an enterprise-wide responsibility. If financial institutions fail to recognize the vulnerability this causes, they are not only at risk of violating the underlying federal and state laws and regulations, but also at risk of a serious data breach, disruption to their business, remedial actions, and potential penalties that may result. An ounce of prevention is truly worth a pound of cure here.
Bankers who understand the significance of the legal and regulatory requirements and invest the time and effort to build an effective compliance program based on those requirements will have greater success in preventing a breach and responding quickly and effectively, minimizing the damage if one does occur. In these institutions, privacy and security policies are in place that dictate procedures for customer data collection, access, movement, storage, destruction, and, if necessary, responding to a breach.
As an experienced instructor and widely published author on data privacy and cybersecurity, Dr. Jim Castagnera, Esq., will review the relevant customer privacy and security laws and regulations during this 3-session webinar series. In addition, he will discuss the key elements of an effective financial institution compliance program.
What You’ll Learn
During this highly informative and important webinar, Dr. Castagnera will discuss:
- Relevant federal customer privacy and security laws including:
-- Fair Credit Reporting Act
-- Gramm-Leach-Bliley Act
-- Computer Fraud and Abuse Act
-- Children's Online Privacy Protection Act
-- Fair Trade Commission Regs
-- SEC Regs
- State privacy, breach-notification, and data-destruction requirements
- Identifying the users and departments in your organization who collect and/or retain customer information
- Structuring your enterprise-wide compliance program to cover all of the bases: customer data collection, access, movement, storage, destruction, and if necessary, responding to a breach
- The components of an effective enterprise-wide customer privacy and security program:
-- Implementing written policies and procedures
-- Designating a compliance officer and compliance committee
-- Conducting effective training and education
-- Developing effective lines of communication
-- Conducting internal monitoring and auditing
-- Enforcing standards through well-publicized disciplinary guidelines
-- Responding promptly to detected problems and undertaking corrective action
- Fast tracking the recommendations of the compliance officer and committee to senior management
- Review of best practices and case studies
Recommended Audience
Who Should Attend?
- President, Dr. Jim's One-Stop HR Shop
- CEO and co-founder, International Artificial Intelligence Association
- 10 years as a labor, employment, and intellectual-property attorney with Saul Ewing
- 23 years as associate provost and legal counsel for academic affairs at Rider University
- Holds an M.A. in Journalism from Kent State University
- J.D. and Ph.D. from Case Western Reserve University