
Intellectual Property and Information Security Governance

IP Governance Task Force

Standards for Safeguarding IP™

Privacy Security Rating

 


The Privacy Security Rating is 1 of the 5 parts of the IP Governance Operational Risk Management, Quantification and Rating model described on the home page of www.IPGovernance.com. The Privacy Security Rating analyzes the accuracy of Privacy and Security statements by financial firms. The model categorizes current privacy and security statements into 1 of 5 Privacy Security Ratings. Banks stating they exceed or comply with federal standards for safeguarding customer information earn, respectively, a 1 and 2 Privacy Security Rating. Banks with either a 1 or 2 Privacy Security Rating plus an “F” Online Brand Rating are posting inaccurate privacy and security statements for consumers.

"How We Safeguard Your Information" - Range of Standards Per Banks

Quotes from the FDIC's Site: Consumer Alerts - Privacy Act Issues under Gramm-Leach-Bliley
"The FDIC has created this webpage to inform consumers about the Gramm-Leach-Bliley Act's (GLBA) consumer provisions to ensure that financial institutions protect consumer's financial information. GLBA became law in 1999. The new law applies to many types of financial institutions. The law covers banks, savings and loans, credit unions, insurance companies and securities firms. It even includes some retailers and automobile dealers that collect and share personal information about consumers to whom they extend or arrange credit.

GLBA privacy considerations affect consumers in the following ways:

(1) Financial institutions are required to: ensure the security and confidentiality of customer information; protect against any anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.
(2) The law requires these institutions to explain how they use and share your personal information. The law also allows you to stop or "opt out" of certain information sharing.
(3) The law requires that financial institutions describe how they will protect the confidentiality and security of your information."

 
The FFIEC's "Privacy of Consumer Financial Information", dated June 2001, states, "the Agencies emphasize that you may use a sample clause only if that clause accurately describes your actual policies and practices. Appendix A–7—Confidentiality and Security (all institutions). You may use this clause, as applicable, to meet the requirement of § 216.6(a)(8) to describe your policies and practices with respect to protecting the confidentiality and security of nonpublic personal information. Sample Clause A–7: We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information."

Over time, financial firms have modified the foregoing "Confidentiality and Security" clause to disclose for consumers 1 of 5 different "Privacy and Security" standards, as required by GLBA 503, on whether or not a firm complies with federal standards for safeguarding consumer identifying information. The standards and matching statements are matched with Privacy Security Ratings that range from "1" (we exceed federal standards) to "5" (beware). Ratings #3, #4 and #5 omit any reference to "complying" with federal standards. Agency guidances direct that the "confidential security" notices must be accurate for their compliance or lack of compliance with federal standards to guard a consumer's nonpublic information. These are noted below along with links to current Privacy and Security Statements.

 

 

Privacy Security Rating #1 - Very Strong

Statement: Our physical, electronic, and procedural safeguards meet or exceed federal standards regarding the protection of customer information.

Firms: Chase, Citigroup, First USA, Key Corp, Wells Fargo

Privacy Security Rating #2 - Strong

Statement: We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your personal information.

Firms: Bancorpsouth, Bank of Oklahoma, BBandT, Charter One Bank, Chevy Chase, Colonial Bank, Downey Savings, EverBank, First Hawaiian, First Tennessee, Fifth Third, GE Money, Huntington, IndyMac, JC Penny (GE), JP Morgan, Lehman, Mellon, Northern Trust, North Fork Bank, River Valley Credit Union (Ohio), Silicon Valley Bank, Sky Financial, US Bancorp, Visa, World Savings

Privacy Security Rating #3 - (Omits - Comply)

Statement: (1) We maintain physical, electronic and procedural safeguards to guard information. (2) Using industry standard security techniques ensures that your personal financial information remains confidential.

Firms: American Express, AmSouth, Bank of America, Bank of the West, Bank United, Carolina First, Comerica, Compass Bank, Fannie Mae, First Merit, Freddie Mac, FSGBank, Greene County Bank, Mastercard, Mercantile Bank, National City, Pinnacle National Bank, PNC, Raymond James, Regions, Sovereign Bank, SunTrust, Target (GE)

Privacy Security Rating #4 - Weak (Omits - Comply)

Statement: Although our bank has taken reasonable precautions to assure account security, we reserve the right to disclaim responsibility/liability for a breach of security that occurs for reasons outside our control.

Firms: Bank of New York

Privacy Security Rating #5 - Very Weak (Omits - Comply)

Statement: SampleBank is also not liable to you or any third party for any occurrences or damages directly or indirectly related to any phishing, pharming or other attacks or fraud committed against SampleBank

Firms: BankAtlantic

 Last updated: October 5, 2006