Banking Industry Privacy Principles
Recognition of a Customer's Expectation of Privacy
Financial institutions should recognize and respect the privacy expectations of their customers and explain principles of financial privacy to their customers in an appropriate fashion. This could be accomplished, for example, by making available privacy guidelines and/or providing a series of questions and answers about financial privacy to those customers.
Use, Collection and Retention of Customer Information
Financial institutions should collect, retain and use information about individual customers only where the institution reasonably believes it would be useful (and allowed by law) to administering that organization's business and to provide products, services and other opportunities to its customers.
Maintenance of Accurate Information
Financial institutions should establish procedures so that a customer's financial information is accurate, current and complete in accordance with reasonable commercial standards. Financial institutions should also respond to requests to correct inaccurate information in a timely manner.
Limiting Employee Access to Information
Financial institutions should limit employee access to personally identifiable information to those with a business reason for knowing such information. Financial institutions should educate their employees so that they will understand the importance of confidentiality and customer privacy. Financial institutions should also take appropriate disciplinary measures to enforce employee privacy responsibilities.
Protection of Information via Established Security Procedures
Financial institutions should maintain appropriate security standards and procedures regarding unauthorized access to customer information. …