The Entrust Trust Company’s Financial Privacy Policy
STATEMENT OF NEED AND PURPOSE
The Right to Financial Privacy Act of 1978 (RFPA) established guidelines and procedures regarding requests by federal government authorities for the financial records of individuals or businesses with five or fewer partners. The RFPA covers requests from a federal government authority; it does not apply to such requests from the Internal Revenue Service or from state, local, or other nonfederal agencies. Further, the Graham-Leach-Bliley Act (GLBA) covers a bank’s responsibilities in protecting a consumer’s nonpublic personal information.
The purpose of this policy is to establish guidelines regarding the sharing of customer information. This policy strives to balance The Entrust Trust Company, Inc. (TETC) responsibilities of maintaining confidentiality and protecting customer privacy with its responsibilities of providing accurate and reliable information to the federal government regarding its customers’ activities.
TETC will not honor any request for customer information that does not comply with the requirements of the RFPA. For requests complying with these requirements, TETC will take strict precautions that only the information specifically requested is provided.
APPROVED METHODS FOR PROVIDING INFORMATION
TETC recognizes the following methods and circumstances under which a customer’s information may be shared with third parties.
Customer Authorization
TETC may provide customer information to the requesting government body if the customer provides written authorization for the disclosure.
Judicial or Administrative Subpoena or Summons
A government agency may obtain records through either an administrative or judicial subpoena or summons authorized by the courts.
Formal Written Request
Agencies that do not have subpoena power may provide TETC with a formal written request for information. TETC is not required by law to respond to any such requests. All such requests will be forwarded to TETC’s legal counsel.
Search Warrants
A government authority may obtain customer financial records by means of a search warrant obtained under the Federal Rules of Criminal Procedure.
Grand Jury Investigations
A government authority that has obtained a grand jury subpoena is not required to comply with customer notice requirements. Furthermore, the agency may request a court order prohibiting the servicing company from notifying the customer that a grand jury subpoena has been issued.
If a grand jury subpoena relating to a possible crime against the servicing company or its supervisory agency has been issued, the servicing company is prohibited by law from notifying the customer about the existence of the subpoena. Violations of this law could result in fines of up to $1 million and five years imprisonment.
Tax Privacy Acts
The Tax Privacy Acts protect a broader customer base than the RFPA, applying to the records of any individual, trust, estate, partnership, association, company, or corporation.
REIMBURSEMENT
TETC is entitled to reimbursement for assembling or providing financial records covered under RFPA and the Tax Privacy Acts from the government authority requesting the information. TETC will seek reimbursement as permitted by law or regulation.
REQUEST LOG
With the exception of “Interested Party Designation Letters,” TETC will establish and maintain a Privacy Log of all requests for customer information.
TRAINING
Management will implement an ongoing system for providing information and annual training to employees pertaining to TETC’s financial privacy policy. Newly hired employees shall complete their required compliance training within 30 days of their hire date. Management will also implement a method of tracking updates to regulatory or legal privacy requirements to maintain compliance.
AUDIT
The internal audit staff will periodically test for compliance with the provisions of this policy. A report describing the level of compliance will be reported to the board of directors.