Consumer Data Protection/Privacy Information Sheet and Initial Notice and Opt Out for LONG ISLAND STATE EMPLOYEES FEDERAL CREDIT UNION

At LONG ISLAND STATE EMPLOYEES FEDERAL CREDIT UNION, we do everything we can to protect the privacy of consumers and our members, including those who visit our Web site. We value your time and your interest in our organization. We place a high priority on ensuring the security and privacy of data pertaining to each consumer. LISEFCU is aware that as members, you have entrusted us with your financial information and accounts, and also have shared personal information with us.

LONG ISLAND STATE EMPLOYEES FEDERAL CREDIT UNION Consumer Data Protection and Privacy Practices

LISEFCU'S board of directors and staff believe it is important to inform you of the data protection and privacy practices that we have instituted. We have:

    1. Established specific security protection practices to ensure privacy of information

    2. Defined control methods to limit access to consumer information

    3. Formalized procedures and processes to ensure the maintenance of accurate information

    4. Established procedures and restrictions on disclosure of member account information

    5. Defined standards for consumer data collection, use, and methods of storage

    6. Required consumer data privacy covenants in third-party service and business arrangements

    7. Ensured that our staff is committed to protect a consumer's right to data privacy

    8. Disclosed to our members our privacy benchmarks and provided an overview of institution privacy practices

To ensure that we successfully accomplish these priority practices, as an organization we have:

  • Established formal guidelines for management and staff to ensure that the protection of consumer data and staff awareness of data privacy are top priorities
  • Developed and provided to potential and existing members a detailed notice about our data protection and privacy policy and practices
  • Established guidelines to ensure that proper procedures and controls are in place to address those situations required by law when we must disclose nonpublic personal information about you

The consumer data protection/privacy notice serves as a reference guide for consumers, members, credit union staff, and management regarding the protection of your data and your privacy.

Accuracy of Information

Every effort is made to ensure that our records of your information are complete and correct. If an error is noted on your statement or in any other communication from us, please contact us at the number listed on your account materials as soon as possible.

The Collection and Use of Information

We need to collect information about you to conduct our business relationship. However, in order to protect your information, we maintain and enforce strict security procedures.
We collect nonpublic personal information about you from various sources, including:

  • Information we received from you on applications or other forms
  • Information about your transactions with us, our affiliates, or others
  • Information we receive from a consumer reporting agency

We do not disclose any nonpublic personal information about you to anyone, except as permitted by law.
If you decide to close your account(s) or become an inactive member, we will adhere to the privacy policies and practices as described in this notice.
We collect only the information necessary to deliver quality products and services to our members. Only authorized and trained employees have access to member information. We also are continually assessing new technology, as it becomes available, to continue to best protect your privacy.

Our Security Measures

We restrict access to nonpublic information about you to those employees who need to know that information to provide products or services to you. We maintain physical electronic and procedural safeguards that comply with Federal Regulations to guard your nonpublic personal information

You May Opt Out

If you prefer that we do not disclose nonpublic information about you to nonaffiliated third parties, you may opt out of those disclosures, that is, you may direct us not to make those disclosures (other than disclosures permitted by law). Non- member joint accounts holders, co-borrows and guarantors may exercise this right to opt out.
For joint account holders, we will treat an opt-out request as applying to everyone listed on the account unless you direct us otherwise. If you wish to opt out of our disclosures to non-financial companies such as retailers, direct marketers, and publishers, or others such as non-profit organizations, you may call our office or mail your request to us as follows:

(631) 291-9160
Toll Free (outside 516 or 631) 1-877-LISEFCU
Long Island State Employees Federal Credit Union
State Office Building
250 Veterans Memorial Hwy
Hauppauge, N.Y. 11788
WWW.LISEFCU.ORG

IDENTITY VERIFICATION PROCEDURES §103.121(b)(2)

The MIP includes procedures for verifying the identity of each member to the extent reasonable and practicable. The procedures are be based on the credit union’s assessment of the amount of risk presented by the following factors: the types of accounts offered by the credit union; the various methods of opening accounts (i.e., in person, by mail, over the Internet); the types of identifying information available; and the credit union’s size, location and member base. The final rule allows credit unions to use a risk-based approach to verifying member identification. The credit union has put procedures in place as to under what circumstances it will verify the information obtained from the member. The verification must be done in a reasonable period of time after account opening. "Reasonable period of time" is not defined in the final rule, but 7-10 days should be satisfactory. We will verify the identity of any member where there is an increased risk of the credit union not knowing the true identity of the member (i.e. mail or Internet) or if the credit union has any question as to the identification provided by the member.1. After obtaining the required information the credit union will use an outside source to verify the information. We currently use ChexSystems for social security format validation, drivers license format validation, and OFAC cross check, as well as risk/fraud searches. This procedure is used on all new member accounts, and on additional services , ie: new share draft accounts, for existing members.2. Mail or Internet applications are checked against ChexSystems BEFORE the account is actually opened. If verification is confirmed we then ask the applicant for a copy of their drivers license or other picture ID, and a signed membership application. These items are to be mailed to us or delivered in person. 3. All new accounts receive a "Welcome" letter sent via regular mail to the address given to us at the time the account is opened. This is to insure that a valid address was used. If the letter is returned to us for any reason, a hold is placed on any and all funds in the account until such time as to correct the address.

Lack of Verification §103.121(b)(2)(iii)

The final rule requires that the credit union’s MIP include procedures for responding to circumstances in which the credit union cannot form a reasonable belief that it knows the true identity of the member. The credit union should not open an account for a potential member, the terms under which a member may use an account while the credit union attempts to verify the member’s identity, when the credit union should close an account after attempts to verify a member’s identification have failed, and when the credit union should file a Suspicious Activity Report (SAR).

A new member may use an account while we attempt to verify their identity only for cash transactions. We will not order an ATM or Debit Card, or checks until verification is complete. All checks will be held 30 days as outlined in our Funds Availability policy.

If the credit union should decide not to open an account, or to close an existing account, of an individual whose identity it cannot verify (thus, as a result, the credit union cannot form a reasonable belief as to the true identity of the member), we will comply with the other applicable laws and regulations, such as the adverse action provisions under Regulation B and the Fair Credit Reporting Act, if the decision was based in whole or in part on information contained in a consumer report.

If the decision to close or not open an account is due to a fraud alert we will file a SAR within 10 days of those findings.

MEMBER INFORMATION REQUIRED §103.121(b)(2)(i)

A. The credit union will obtain the following information from each member:   1 Name; 2; Date of Birth, for an individual; 3. Address, which shall be: (a) For an individual, a residential or business street address; (b) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual; or (c) For a person other than an individual (such as a corporation, partnership, or trust), a principal place of business, local office, or other physical location; 4. Taxpayer/Employer Identification Number, which shall be: (a) For a U.S. person, a taxpayer identification number, i.e., social security number, individual taxpayer identification number, or employer identification number; (b) For a non-U.S. Person, one or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard (such as any biometric identifiers that may be used in addition to, or instead of, photographs);

Note: When opening an Account for a foreign business or enterprise that does not have an identification number, credit union employees must request alternative government-issued documentation certifying the existence of the business or enterprise.

B. In order to comply with the final rule’s verification requirements, the credit union will obtain as much of the following information as possible (or other appropriate form of identification): 1. Telephone number; 2. Driver’s license number; and 3. For an individual, e-mail address.

C. Limited exception to Taxpayer/Employer Identification Number requirement:

Credit union employees may open an account for a member that has applied for, but has not received, an employer identification number, provided:

1. Employees confirm that the application was filed before the member opens the account by reviewing and/or obtaining a copy of the application prior to opening the account; and 2. Employees obtain the employee identification number within a reasonable period of time ("reasonable period of time" is not defined but 10-14 days should be sufficient), or such longer period as approved on a case-by-case base by the credit union’s MIP Compliance Officer.

Verification Through Documents §103.121(b)(2)(ii)(A)

Acceptable documents are: unexpired government-issued identification (either a driver’s license (or other government issued photo ID), passport for individuals or articles of incorporation, government-issued business license, partnership agreement, or a trust agreement for businesses) and the identification appears authentic, then there is no further verification needed. This is not an exhaustive list of acceptable identification. The credit union does not need to attest to the validity of the identification as long as there is no evidence of fraud on the identification. If there is evidence of fraud on the identification, the credit union must consider that factor in determining whether it can form a reasonable belief that it knows the member’s true identity. The credit union may use other documents for verification, as long as it has a reasonable belief that it knows the true identity of the member. If the credit union has any cause to question the identity of the member after receiving the documents, it may require corroboration through non-documentary information to further verify the identity of the member (see below).

Non-Documentary Verification §103.121(b)(2)(ii)(B) and (C)

There will be times when a credit union will not have the ability to observe documents at the time of account opening (i.e., through the mail or over the Internet). In such cases, the credit union can use non-documentary methods to verify identity as outlined under Identity Verification Procedures above.

MEMBER NOTICE §103.121(b)(5)

The final rule requires the credit union to provide notice to members and potential members that the credit union is requesting information to verify their identities. Since accounts may be opened using various methods, the final rule provides flexibility regarding providing the notice. The credit union may: post a notice in the lobby; post a notice on its website; include the notice on its account applications, or use any other form of oral or written notice. The final rule provides verbiage for this notice and a sample may be found below.

RELIANCE ON ANOTHER FINANCIAL INSTITUTION §103.121(b)(6)

The final rule provides that a credit union’s MIP may include procedures specifying when the credit union will rely on another financial institution (including an affiliate) for the verification of a member’s identity. Reliance on another financial institution is permitted if a member of the credit union is opening, or has opened, an account, or has established a similar banking or business relationship, with the other financial institution.

In order for the credit union to rely on another financial institution to verify a member’s identification, such reliance will be subject to a three-part test. The reliance must be: (1) reasonable under the circumstances;  (2) the other financial institution must be subject to a rule implementing the anti-money laundering compliance program requirements of the Bank Secrecy Act; and (3) be regulated by a Federal functional regulator. The other financial institution must enter into a contract requiring it to certify annually to the credit union that it has implemented its anti-money laundering program and that it will perform (or its agent will perform) the specified requirements of the credit union’s MIP. The contract and certification will provide a standard means for a credit union to demonstrate the extent to which it is relying on another institution to perform its MIP, and that the financial institution has agreed to perform those functions. If it is not clear from these documents, a credit union must be able to otherwise demonstrate when it is relying on another institution to perform its MIP with respect to a particular member. If the three-part test is satisfied, then the credit union will not be held responsible for the failure of the other financial institution to adequately fulfill the credit union’s MIP responsibilities, provided the credit union can establish that its reliance was reasonable and that it has obtained the requisite contracts and certifications. If the three-part test is not satisfied, then the credit union remains solely responsible for applying its own MIP to each member in accordance with the final rule. This provision may be considered a limited safe harbor.

RELIANCE ON AGENT

The credit union may authorize an agent to perform services on its behalf. Therefore, a credit union is permitted to arrange with a car dealer or mortgage broker, acting as its agent in connection with a loan, to verify the identity of its member. However, the credit union is ultimately responsible for the agent’s compliance with the requirements of this final rule, as this is not part of the reliance provision stated above.

This provision also allows the credit union to contract with third parties (other than financial institutions) to perform the credit union’s MIP responsibilities. In this case, the credit union remains ultimately  responsible for compliance.

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify,and record information that identifies each person who opens an account.

What this means for you:

When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.

Adopted by LONG ISLAND STATE EMPLOYEES FEDERAL CREDIT UNION: January 1, 2001

Privacy Policy | Legal Disclaimer | Contact Us | ©2008 LISEFCU. All Rights Reserved.