ABA Privacy Principles


1. Recognition of a Customer's Expectation of Privacy
Financial institutions should recognize and respect the privacy expectations of their customers and explain principles of financial privacy to their customers in an appropriate fashion. This could be accomplished by making available privacy guidelines and/or providing a series of questions and answers about financial privacy to those customers.

2. Use, Collection and Retention of Customer Information Only if the Institution Believes the Customer Will Benefit
Financial institutions should collect and use information about individual customers only where the institution reasonably believes it would be useful (and allowed by law) for administering that organization's business and for providing products, services and other opportunities to its customers.

3. Maintenance of Accurate Information
Financial institutions should establish procedures so that a customer's financial information is as accurate, current and complete as possible. Financial institutions should also respond to requests to correct inaccurate information as expeditiously as possible.

4. Limiting Employee Access to Information
Financial institutions should craft policies and procedures that limit employee access to personally identifiable information to those with a business reason for knowing such information. Financial institutions should create training programs so that employees will understand the importance of confidentiality and customer privacy. Financial institutions should also establish compliance procedures for such privacy responsibilities and create a mechanism for enforcement.

5. Protection of Information via Established Security Procedures
Financial institutions should maintain appropriate security standards and procedures regarding unauthorized access to customer information.

6. Restrictions on the Disclosure of Account Information
Financial institutions should not reveal specific information about customer accounts or other personally identifiable data to unaffiliated third parties, unless 1) the information is provided to help complete a customer-initiated transaction; 2) the customer requests it; 3) the disclosure is required by or allowed by law (i.e. investigation of fraudulent activity); or 4) the customer has been informed about the possibility of such disclosure through a prior communication and is given the opportunity to decline (i.e. "opt out").

7. Maintaining Customer Privacy in Business Relationships With Third Parties
If personally identifiable customer information is provided to a third party, the financial institution should require the third party to adhere to similar privacy principles that provide for keeping such information confidential.

8. An Institution's Privacy Principles or Policies Will Be Made Known to the Customer
Financial institutions should devise methods of providing a customer with an understanding of their privacy policies. Customers who are concerned about financial privacy will want to know about an institution's treatment of this important issue. Some institutions may include their privacy principles in an employee code of conduct manual or some other similar document, while others may have a separate document. However, each financial institution should create a method for providing its privacy policies to the public.

 
