CRCM Privacy and Data Security Compliance

Question 1

Under the Gramm-Leach-Bliley Act's Safeguards Rule, financial institutions are required to:

Accepted Answer

Develop, implement, and maintain a comprehensive information security program

Answer

The GLBA Safeguards Rule requires financial institutions to have a written comprehensive information security program protecting customer financial information.

Question 2

The FTC's Safeguards Rule (updated 2023) requires covered financial institutions to designate:

Accepted Answer

A qualified individual to oversee the information security program

Answer

The updated FTC Safeguards Rule requires covered institutions to designate a qualified individual (e.g., CISO) to oversee the information security program.

Question 3

Under the GLBA Privacy Rule, a financial institution must provide customers the right to opt out of:

Accepted Answer

Sharing nonpublic personal information with nonaffiliated third parties

Answer

The GLBA Privacy Rule gives customers the right to opt out of sharing their nonpublic personal information with unaffiliated third parties.

Question 4

Under the Bank Service Company Act, when a bank contracts with a third party for services, the bank's compliance obligations:

Accepted Answer

Remain with the bank; it cannot outsource its compliance responsibilities

Answer

Banks cannot outsource their compliance responsibilities; they remain responsible for compliance even when services are performed by third-party vendors.

Question 5

A notification to customers affected by a data breach is required under:

Accepted Answer

A combination of federal agency guidance and state data breach notification laws

Answer

Data breach notifications are governed by both federal agency guidance (OCC, FDIC, Federal Reserve) and state-level data breach notification statutes.

CRCM - Certified Regulatory Compliance Manager Practice Test

CRCM - Certified Regulatory Compliance Manager Practice Test

CRCM Privacy and Data Security Compliance