Revised September 21, 2010
The bank’s general policy allows for sharing of public and non-public personal information about consumers to affiliates, third parties, and others as provided by law.
Sound management and security of consumers’ financial information is fundamental to maintaining a high level of public confidence and the customers’ trust. Customers entrust the Bank with personal, private, confidential information about themselves and their finances and expect the Bank to use this information only for the purpose of serving their needs for quality financial products and services. The Bank has a proud tradition of respecting and honoring our customers’ expectation in this area. It has always been the policy of this Bank to obtain information that is necessary and appropriate to conduct the affairs of the customers and the Bank, and to exercise caution and prudence in the handling and release of customer information to affiliates, third parties, and others as necessary or as permitted by law.
A. The Board and the Audit and Compliance Committee will:
- Designate a Privacy Officer annually.
B. The Privacy Officer and Senior Management will:
- Maintain a system for monitoring changes in the Bank’s information and security practices.
- Keep abreast of regulatory changes.
- Report significant related events to the Board.
- Devise procedures for delivering privacy notices to consumers.
- Establish employee training and compliance programs.
III. IMPLEMENTATION OF THE POLICY
A. Collection, Use and Retention of Customer Information: The Bank will collect and retain only information about customers that is needed to appropriately handle customer requests for quality financial products and services, and to carry on other legitimate business purposes of the Bank.
Categories Of Customer Information We Collect
The Customer Information we may collect is categorized below:
- Information you provide to us on applications and through other means, such as your assets, income and other debt.
- Information about your transactions and account experience with us, such as your account balance and payment history, or information about our communications with you, such as a request for a check and our response.
- Information from a consumer report, such as information regarding your creditworthiness or credit history.
- Information from other outside sources, such as verifying representations made by you regarding employment history, loan or credit card balances, or your property insurance coverage.
- Other general information we obtain about you that is not assembled for the purpose of determining your eligibility for credit.
B. Accuracy of Information: The Bank will strive to maintain complete, current, and accurate information about its customers. Any inaccurate information that is brought to the attention of the Bank will be corrected as quickly as possible after notification. Procedures will be maintained to ensure that any reported inaccuracies are promptly and effectively handled and that customer information remains as accurate, current, and complete as possible.
C. Information Security: Access to personally identifiable customer information shall be limited to employees who have a business reason to obtain such information. Employees will be trained and educated on the importance of confidentiality and privacy of customer information. Appropriate disciplinary action will be taken against employees who violate policies or procedures relating to customer information privacy. Physical, electronic, and procedural safeguards that comply with federal regulations to guard nonpublic personal information will be maintained at all times.
D. Release of Customer Information to Affiliates, Third Parties and Others:
E. Disclosure of Customer Privacy Policies:
- Circumstances Under Which We Share With Affiliated Companies
We may share all five types of Customer Information, described in Section I, among our affiliated companies. Our affiliated companies include financial institutions, securities brokers, insurance companies and trust companies.
We occasionally receive medical or health information about a customer, for example, if a customer applies for insurance from us. If we do receive medical or health information about a customer, we will not share it among our affiliated companies, except as necessary to maintain accounts, process transactions or provide services the customer has requested or initiated.
- Circumstances Under Which We May Share Information With Nonaffiliated Third Parties
We may share all five types of Customer Information described in Section I with nonaffiliated third parties. The nonaffiliated third parties may include (i) financial service providers, for example, insurance companies, mortgage bankers, and securities brokers; (ii) nonfinancial companies, for example, check printing and data processing companies and companies that perform services for us; (iii) credit bureaus and similar organizations.
We may share all five types of Customer Information with such nonaffiliated third parties for the following purposes, for example:
- To provide you products and services you have requested.
- To process a transaction initiated by you.
- To perform services for us pursuant to a contract.
- To respond to a subpoena, a fraud investigation, or other legal process.
- To record deeds of trust or mortgages in public records.
- To conduct an audit or examination.
- To provide a service with your consent, including the case where you have given someone your power of attorney or other written authorization to act on your behalf, or as otherwise permitted by law.
Customer Privacy Disclosure will be sent to all Bank customers at least once each calendar year, and prior to the implementation of any significant changes in customer privacy policies and practices. These disclosures will also be given to all new customers of the Bank when they become customers, and to others upon request.
F. Internal controls:
The Bank will implement internal controls commensurate with the Bank’s level of risk. Regular audits of the control systems will help ensure that the controls are appropriate and functioning properly.
IV. REPORTS TO THE DIRECTORS
The Board of Directors shall review this policy annually and make such amendments as may be needed from time to time.