Credit Reporting Agencies and Financial Privacy Flashcards

Learn how FCRA, FACTA, and GLBA regulate financial institutions and protect consumer credit and financial data. (76 cards)

1
Q

What is the purpose of the Fair Credit Reporting Act?

(FCRA)

A

Regulate consumer reporting industry and protect consumer financial privacy.

2
Q

Why protect financial records?

A
  • Prevent identity theft
  • Ensure honest reporting
  • Protect creditworthiness
3
Q

When was the FCRA enacted and amended?

A
  • Enacted in 1970
  • Amended in 1996 (FCRA), 2003 (FACTA)
4
Q

What entities does the FCRA regulate?

A
  • Consumer Reporting Agencies (CRAs)
  • Users of consumer reports
  • Furnishers of data to CRAs
5
Q

What is a consumer reporting agency?

(CRA)

A

Entity that collects or appraises PII for consumer reports provided to third parties for a fee.

6
Q

What is a consumer report?

A

Communication on creditworthiness, standing, character, etc., used for eligibility decisions.

7
Q

Who are ‘users’ and ‘furnishers’ under FCRA?

A
  • Users: lenders, insurers, employers
  • Furnishers: entities providing credit info to CRAs
8
Q

What are user requirements under the FCRA?

A
  • Data must be accurate, used only for permissible purposes
  • Adverse action requires notice
9
Q

What is the FTC Furnisher Rule?

A

Furnishers must ensure the data they provide is accurate and complete.

10
Q

What are Consumer Reporting Agency requirements?

A
  • Avoid outdated info
  • Provide only for permissible use
  • Assist consumers
  • Maintain records
11
Q

Which regulatory authorities enforce the FCRA?

A
  • FTC
  • CFPB
  • State AGs

Dispute resolution; private lawsuits.

12
Q

What are the three categories of permissible purposes for using consumer reports?

A
  • Legal
  • Credit-related
  • Other (e.g., employment, insurance, licensing)
13
Q

What legal purposes allow use of consumer reports?

A
  • Ordered by court or grand jury
  • Child support investigations
14
Q

What are credit-related purposes for using consumer reports?

A
  • Assess creditworthiness
  • Existing obligation risk
  • Account review
  • Prescreening offers
15
Q

What must users certify to CRAs before getting a consumer report?

A

They have a permissible purpose and will use it only for that purpose.

16
Q

What is an adverse action under the FCRA?

A

Negative impact

Examples: denial of credit, insurance, employment, or promotion

17
Q

What are the FCRA requirements when using consumer reports for employment?

A
  • Provide notice
  • Get prior authorization
  • Certify use with CRA
  • Give adverse action notice
18
Q

What situations might trigger an employee investigation?

A

Suspected misconduct or compliance with legal requirements.

19
Q

When is an investigation not considered a consumer report under FCRA?

A
  • Employer complies with FCRA
  • Uses no credit info, and
  • Provides a summary to employee
20
Q

What is an investigative consumer report?

A

Report gathered from interviews with info on:

  • Personality
  • Character
  • Reputation
  • Lifestyle
21
Q

What disclosures are required for investigative consumer reports?

A
  • Inform consumer
  • Provide summary of rights
  • Disclose nature or scope, and
  • Certify with CRA
22
Q

How does FCRA limit use of medical information?

A

Must be coded and not identify provider.

Consumer must consent for employment use.

23
Q

What is the purpose of FACTA?

A
  • Enhance consumer protections
  • Address identity theft and credit accuracy
24
Q

Does FACTA preempt state laws?

A

Yes, but allows state laws on ID theft, credit scores, and credit report frequency.

25
What are key consumer protections under **FACTA**?
  • Card number truncation
  • Credit score explanation
  • Free credit report requests
  • Disposal and red flags rules
26
What does the **Disposal Rule** require?
Reasonable practices to **prevent misuse or unauthorized access** to consumer report data.

Examples: burning, shredding, pulverizing paper; erasing or destroying electronic data
27
**Who** enforces the Disposal Rule?
  • FTC
  • CFPB
  • Federal banking regulators
  • States (with potentially different rules)
28
What does the **Red Flags Rule** require?
Financial institutions must **detect, prevent, and mitigate identity theft**.
29
What is a '**financial institution**' under the Red Flags Rule?
Banks, credit unions, or entities with consumer transaction accounts.
30
What did the **Red Flag Program Clarification Act** (2010) change?
**Narrowed** the definition of 'creditor' to **exclude incidental service providers**.
31
What are some examples of '**red flags**' for identity theft?
  • CRA alerts
  • Suspicious ID documents or PII
  • Unknown account usage
32
What is the **main objective** of **GLBA**?
Protect consumers' privacy and security by regulating financial institutions.
33
What is GLBA **also known as**?
The Financial Services Modernization Act of 1999
34
Who is **covered** under GLBA?
U.S. financial institutions significantly engaged in financial activities.
35
What is '**nonpublic personal information**' under GLBA?
PII **provided** to, **generated** by, or **obtained** by a financial institution excluding public info.
36
What are **key requirements** of the GLBA Privacy Rule?
  • Provide privacy notices
  • Opt-out option
  • Restrict data sharing
  • Ensure confidentiality and security
37
What is the **difference** between a 'consumer' and a 'customer' under GLBA?
  • **Consumer**: one-time user
  • **Customer**: ongoing relationship with the institution
38
Who **enforces** GLBA?
  • CFPB
  • SEC
  • CFTC
  • Fed Reserve
  • OCC
  • FDIC
  • State AGs may also enforce
39
Does GLBA **preempt** state laws?
No

It does not preempt stricter state laws; may conflict with FCRA.
40
Who **took over** GLBA rulemaking after Dodd–Frank?
  • **CFPB** took over most rulemaking
  • **SEC** and **CFTC** retain some authority
41
**When** must GLBA privacy notices be provided?
Initially and annually.
42
What must GLBA privacy notices **include**?
  • Info collected
  • Shared with whom
  • Safeguards
  • Opt-out instructions
43
**How long** do financial institutions have to process opt-out requests?
30 days
44
With notice in place, **who** can financial institutions **share data with**?
  • Affiliates
  • Joint marketing partners
  • Nonaffiliates (opt-out applies)
45
What disclosures are **prohibited** under GLBA?
Account numbers to **nonaffiliates for telemarketing** or direct mail.
46
When do consumers **NOT have opt-out** rights under GLBA?
  • Essential services
  • Legal disclosures
  • Marketing by service providers
47
What is the **model privacy notice** under GLBA?
A standardized form issued in 2009 under FSRRA to help consumers **compare practices**.
48
What is the **GLBA Safeguards Rule**?
Requires **a security program** to protect CIA of consumer data.
49
What does the **information security program** under the Safeguards Rule include?
Administrative, technical, and physical safeguards.
50
What are **administrative** safeguards?
  • Defined program
  • Risk management
  • Employee training
  • Vendor oversight
51
What are **technical** safeguards?
  • Network and app security
  • Access controls
  • Encryption
52
What are **physical** safeguards?
  • Facility protections
  • Environmental controls
  • Business continuity
53
What does the **E-Sign Act** stand for?
Electronic Signatures in Global and National Commerce Act
54
What **year** was the E-Sign Act passed?
2000
55
What is the **main purpose** of the E-Sign Act?
To **permit electronic signatures** and records to have the same legal validity as paper documents.
56
How does the E-Sign Act **affect online banking**?
Allows customers to **opt-in to online banking** via electronic signatures.
57
What is the difference between **online** and **mobile banking**?
  • **Online banking**: access to bank via internet
  • **Mobile banking**: financial engagement via mobile device
58
What is the **California Financial Information Privacy Act**?
(CFIPA)
**Expands GLBA** with more disclosures and consumer rights.

Also called Senate Bill No. 1.
59
What is required for **sharing data with nonaffiliated** third parties in **CA**?
Written opt-in titled '**Important Privacy Choices for Consumers**' in simple language.
60
What **cybersecurity mandates** did NYDFS issue in 2017?
(New York Department of Financial Services)
  • Risk assessments
  • CISO
  • Incident response plans, and audit trails
61
How is NY's definition of nonpublic personal information **different** from GLBA?
  • More broadly defined
  • Includes stricter requirements for personnel, reporting, and third-party services
62
What is **BitLicense** under NYDFS?
  • Regulation for **virtual currency** businesses
  • Requires **licensing** and adherence to NYDFS rules
63
What is the '**Greenlist**' in NYDFS virtual currency regulation?
A list of 33 **approved coins** (as of April 2023).

Businesses can self-certify coin-listing policies.
64
What is the **Dodd-Frank Act**?
  • 2010 law enacted after the 2008 crisis
  • Created the Consumer Financial Protection Bureau (CFPB)
65
What is the **CFPB**?
Independent bureau in the Federal Reserve **focused on consumer protection** in finance.
66
What **rulemaking authority** does the CFPB have?
  • FCRA
  • GLBA
  • Fair Debt Collection Practices Act
67
What **institutions** does the CFPB oversee directly?
  • All **non-depository institutions**
  • Depository institutions with **over $10B** in assets
68
Who enforces CFPB rules for small banks with **less than $10B** in assets?
Banking regulators
69
What **new enforcement concept** did Dodd-Frank introduce?
Abusive acts and practices.
70
What qualifies as an '**abusive**' act under Dodd-Frank?
**Materially interferes** with understanding or takes advantage of consumer vulnerabilities.
71
What **enforcement powers** does the CFPB have?
  • Investigations
  • Subpoenas
  • Hearings
  • Civil actions
72
Do states have **authority to enforce** Dodd–Frank provisions?
Yes

State attorneys general can bring civil actions.
73
What is the **EFTA**?
  • Electronic Fund Transfer Act (1978)
  • Protects consumer rights and sets company responsibilities for electronic fund transfers
74
What does **Regulation E** do?
Implements the **EFTA**.
75
When was **EFTA enforcement** transferred to the CFPB?
In **2011**, under the Dodd-Frank Act.
76
What is an **Electronic Fund Transfer**?
(EFT)
Transfers using ATM, telephone, computer, or magnetic tape to debit and credit accounts.

Examples: ATM transactions, direct deposits, electronic bill payments