Overview and Purpose and Objectives
Commerce Bank of Temecula Valley respects the consumers’ right to privacy. The bank recognizes that customers have a right to expect their non-public personal information to remain private and secure. This policy formalizes the banks intention to protect the privacy and rights of our customers regarding the non-public personal information that the bank obtains in the normal course of business.
Definitions (for the purpose of this policy)
Employee: All directors, officers, and employees of the bank as well as attorneys, agents, or outside vendors, who have access to or use customer information.
Consumer: An individual who has obtained or is seeking to obtain a financial product or service from this bank that is to be used primarily for personal, family, or household purposes. An example of a consumer would be a loan applicant. A consumer is not necessarily a customer.
Customer: A consumer who has established a continuing relationship with this bank. Examples include a borrower and depositor.
Nonpublic personal information: Personally identifiable financial information relating to a consumer, including non-public financial information as well as compilations of public information derived using non-public financial information.
The Customers Expectation of Privacy
Bank customers are entitled to the assurance that the information concerning their personal financial data that the bank has obtained will be treated confidentially. All employees are directed by this policy to assure customers of our commitment to preserving the privacy of their information.
Use, Collection and Retention of Consumer Information
In order to provide financial services, the bank obtains information from a variety of sources, including:
- Applications or other forms
- Records of transactions with the bank or others; and
- Consumer-reporting agencies
The Bank may share this information as permitted by law and as supported by appropriate disclosures made in privacy notices. The information the bank collects provides benefits to the consumer by enabling the bank to better understand the individuals’ financial needs, improve products and enhance customer service, comply with laws and regulations, and help the bank protect consumers against fraud.
If a consumer decides not to become a customer of the bank, ends their relationship with the bank, or becomes an inactive customer, the bank will continue to protect the privacy of their information.
Limitation of Employee Access
Employee access to personally identifiable information is limited to those employees with a business reason to know such information. Bank employees are informed at the time of their initial employment of these standards and are periodically reminded of privacy requirements during training sessions. Willful violation of this policy may result in disciplinary action, up to and including termination.
Protection of Information
The bank’s security program includes physical, electronic, and procedural safeguards in compliance with federal regulation to prevent unauthorized access to personal information.
General Restriction on the Disclosure of Customer Information
Generally, the Bank will not reveal specific information about customer accounts or other nonpublic personal information to any nonaffiliated third party unless one of the following conditions applies. It is important to note that the following is not an exhaustive list of exceptions to financial privacy rules which would permit information sharing. Disclosures which are permitted by law include:
- Information disclosed as necessary for the servicing or processing of a financial product or service requested or authorized by the consumer
- Information disclosed with the consumer’s consent or at the consumer’s discretion, provided the consumer has not revoked the consent or direction
- Information disclosed to protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liability
- Information disclosed (to the extent permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act) to law enforcement agencies, self-regulatory organizations, or for an investigation on a matter related to public safety
Disclosure of Privacy Principles to Consumers
A privacy notice shall be provided to consumers upon initial account opening and annually thereafter.
When the Bank wishes to share certain nonpublic personal information, regulations require that the consumer be provided with an opportunity to “opt-out”. This means that the consumer is furnished with a notice which indicates that the consumer may decline to have their nonpublic personal information shared in a specific manner. Assuming timely and proper distribution of the notice, the Bank may generally share the information unless the consumer notifies the Bank of their desire to opt-out.
The GLBA requires that if an institution intends to disclose nonpublic personal information that it has collected about the consumer to nonaffiliated third parties other than under the processing and servicing exceptions, the consumer must be given the right to opt-out before this information is disclosed. Such situations would include when the Bank has elected to engage in non-financial marketing with a nonaffiliated third party that is not a financial institution as defined by the GLBA. At this time, the Bank has elected not to disclose information in such a manner; thus, the opt-out notice is not included on the privacy disclosure.
The California Financial Privacy Act (SB 1) requires that if an institution intends to engage in financial joint marketing, the consumer must be given the right to opt-out before this information is disclosed. Financial joint marketing is sharing for joint marketing purposes among financial institutions as defined by the GLBA. At this time, the Bank has elected not to disclose information in such a manner; thus, the opt-out notice is not included on the privacy disclosure.
When the Bank wishes to share certain nonpublic personal information, regulations require that the consumer be provided with an opportunity to “opt-in”. This means that the consumer is furnished with a notice which indicates that by signing the consumer is consenting to the disclosure of certain information. The Bank may only share the information if the consumer notifies the Bank of their consent to opt-in.
The GLBA does not impose an opt-in requirement.
The California Financial Privacy Act (SB 1) indicates that a financial institution generally may not sell, share, transfer or otherwise disclose nonpublic personal information to or with any nonaffiliated third parties without the explicit prior consent of the consumer to whom the information relates. Thus, a consumer generally has to opt-in before a financial institution can disclose personal information to nonaffiliated third parties. One exception to this requirement is that only an opt-out is required in order to share information for purposes of financial joint marketing, as discussed above under opt-out requirements. Thus, opt-in requirements generally apply to non-financial or non-joint financial marketing. At this time, the Bank has elected not to disclose information in such a manner; thus, the opt-in notice is not included in customer privacy disclosures.
Review of Policy and Audits
The Board of Directors shall review this policy at least annually.
Further, the scope of applicable external audits shall include a review of
compliance with the Gramm-Leach-Bliley Act as well as the California
Financial Privacy Act in accordance with the bank’s risk assessment and
regulatory requirements. Results of these audits will be provided to the