CU Campus Card Services has adopted the following member data privacy policy, in compliance with the Gramm-Leach-Bliley Act (GLB Act) and in order to generally safeguard its member’s nonpublic personal information. This policy will be reviewed and adjusted as necessary, at least on an annual basis. The Financial Privacy Coordinator will report to the board in written form annually, or more frequently if material events warrant.
- Providing member privacy notices
CU Campus Card Services will provide member privacy notices as required by the GLB Act. Members will receive initial privacy notices at account opening. Thereafter, the privacy policy will be accessible on the Terps card website (www.terpscard.com) and reviewed/updated at least annually. New members and persons adding joint relationships will receive privacy notices at the time of application or approval of membership or services. Privacy notices will be provided in a form that the member may keep.
- Collection of Member Information
CU Campus Card Services collects information about members in many ways. Information is provided by members on applications for membership, accounts, loans, and a variety of other products and services. Information is also provided with requests for transactions of many kinds. CU Campus Card Services also receives information when processing member transactions such as clearing checks, ACH transfers, debit transactions, and more. Members also provide information in response to questions posed by the Credit Union or in their correspondence to the Credit Union. All member information collected is considered nonpublic personal information and is subject to the confidentiality provisions of this policy.
- Confidentiality and Security of Member Information
CU Campus Card Services will undertake reasonable measures to protect the confidentiality and security of member information. Physical security of documents, restricted access to information, and proper handling of information form the basis of the credit union’s procedures.
CU Campus Card Services employees will verify members’ identity before releasing information or processing transactions for members. Employees will also maintain control and security of documents that contain member information. After processing, documents with nonpublic personal information will be properly filed or will be designated for shredding.
Employees are allowed access to members’ information as needed to fulfill members’ requests or conduct credit union business as may be appropriate.
The Credit Union maintains physical, electronic, and procedural safeguards to protect member information.
Providing nonpublic personal information to nonaffiliated third parties.
CU Campus Card Services does not provide nonpublic personal information to nonaffiliated third parties.
CU Campus Card Services may share information with another company that is controlled by the Credit Union. Credit Union control is defined as ownership of the power to vote at least 25% of the outstanding shares; control in any manner over the election of a majority of the directors; or the power to exercise a controlling influence of the company (in cases of Credit Union Service Organizations (CUSO), the CUSO must be 67% owned by credit unions).
Agreements with Others: Financial Institutions, Service Providers, Third Parties to process members’ request.
CU Campus Card Services may enter into joint marketing agreements with other financial institutions as defined by the GLB Act. Various products and services may be offered under these agreements.
CU Campus Card Services may also enlist firms or individuals to provide service for or market on behalf of the credit union. These service providers are authorized to assist the Credit Union in marketing its products and services.
CU Campus Card Services may also utilize third party processors, information providers, and service providers as needed to facilitate the requests of members to provide Credit Union services.
In any arrangement with parties as named above, the Credit Union will require agreements that protect the confidentiality of any nonpublic personal information. The agreement will also prohibit the use of information for any purpose except to the extent necessary to perform, effect, administer or enforce any transactions or services requested by the Credit Union or its members. Furthermore, the agreement will also prohibit the re-use of any information in any manner.
All contracts entered into after July 1, 2000 will contain clauses as referenced above.
The Credit Union may disclose nonpublic personal information as allowed as exceptions in the regulation. Nonpublic personal information will be shared in appropriate situations to the extent permitted by law. Examples of these situations includes, but is not limited to:
- With the consent of or at the direction of a member.
- To protect the confidentiality of security of our records pertaining to the member, service, product, or transaction.
- To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978, to law enforcement agencies, and others as provided for by the regulation.
- To a consumer reporting agency in accordance with the Fair Credit Reporting Act. In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit.
- To comply with federal, state, or local laws, rules and other applicable legal requirements.
- With others who request credit references in accordance with customary business practices.
- With regulatory agencies or auditors as required and allowed.
