Purpose
The purpose of this policy is to ensure that NAVY ARMY FCU (NAFCU) complies with existing federal and state laws with respect to the privacy and security of member's nonpublic personal information. NAFCU is committed to making available financial products and services that will enable our members to meet financial needs and reach financial goals. Protecting personal information and using it in a manner consistent with member expectations is a high priority for NAFCU.
General Provisions
NAFCU shall protect the confidentiality, security, and integrity of each member's nonpublic personal information in accordance with existing state and federal laws. The credit union will maintain physical, electronic, and procedural safeguards that comply with federal standards to guard members' nonpublic personal information. The credit union will collect, use and retain only the personal information that we believe is necessary to help provide our products, services and other opportunities to you.
The credit union does not, and will not, sell or provide any member information to third parties including list services, telemarketing firms, or outside companies for independent use.
Information Security Program
Management of NAFCU shall be responsible for developing, implementing, and maintaining an effective information security program to: 1.) ensure the security and confidentiality of member records and information, 2.) protect against any anticipated threats or hazards to the security or integrity of such records, and 3.) protect against unauthorized access to or use of such records or information that would result in substantial harm or inconvenience to any member. Management shall report to the board on the status of the credit union's information security program.
Assessment of Risk
In order to assess the risks that may threaten the security, confidentiality, or integrity of member information or member information systems, the credit union shall: Identify all reasonably foreseeable internal as well as external threats that can result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems.
Determine the likelihood as well as potential damage of the internal and external threats.
Determine the sufficiency of the credit union's policies, procedures and member information systems to control the identified risks.
Implement upgraded security procedures to deal with identified risks as necessary.
MANAGEMENT AND CONTROL OF RISK
In order to manage and control the risks that have been identified, the credit union shall:
Establish written procedures designed to implement, maintain and enforce the credit union's information security program.
Limit access to the credit union's member information systems to authorized employees only.
Establish controls to restrict employees from providing member information to unauthorized individuals.
Limit access at the credit unions physical locations containing member information, such as buildings, computer facilities, and records storage facilities to authorized individuals only.
Provide password protection and/or encryption of electronic member information including but not limited to information in transit or in storage on networks or systems to which unauthorized individuals may have access.
Implement internal control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to member information.
Monitor the credit union's systems and procedures to detect actual and attempted attacks on or intrusions into the member information systems.
Establish response programs that specify actions to be taken when the credit union suspects or detects that unauthorized individuals have gained access to member information systems, including appropriate reports to regulatory and law enforcement agencies.
Implement measures to protect against destruction, loss, or damage of member information due to environmental hazards, such as fire and water damage or technical failures.
Regularly test, monitor, evaluate, and adjust as appropriate, the information security program in light of any relevant changes in technology, and internal or external threats to the credit union's information security systems.
Regularly test the key controls, systems, and procedures of the information security program.
Ensure that all contracts with service providers contain appropriate provisions requiring the service providers to protect the confidentiality of the credit union member's nonpublic personal information. Under no circumstances will we authorize these firms to charge member's accounts without their expressed consent. Navy Army Federal Credit Union does not sell or otherwise provide member names or other information to third parties for purposes inconsistent with the credit union's mission.
EMPLOYEE TRAINING
Employees shall be trained with regard to their responsibilities under this policy. In addition, employees shall be trained to recognize, respond to, and where appropriate, report any unauthorized or fraudulent attempts to obtain member information.
Specific Internet Related Information
Usage, Collection and Retention of Information
Visitors to our web site will remain anonymous. We do not collect personal identifying information about visitors to our site. We will automatically collect standard non identifying information about visits to our site, such as the date and time of your visit, the internet provider address you were assigned, city, state, and country and the pages you access on our web site. This information is used to compile standard statistics on site usage. For our members accessing our Home Branch home banking product we will collect, use and retain only the personal information that we believe is necessary to help provide our products, services and other opportunities to you.
Collection and Retention of E-Mail Addresses
If you have provided identifying information via e-mail (e.g., name and address), the information will only be used to communicate with you to handle your request. It is not sold or transferred to other parties.
What we do to make your on-line banking experience using Home Branch safe and enjoyable:
Firewall
Our home banking server is not directly connected to the Internet. The data that is transmitted to and from the server must first pass through a firewall. A firewall is a hardware or software device that monitors network traffic and blocks inappropriate connections to other computers on a network.
Digital Certificate
We have a digital ID which allows us to use Secure Sockets Layer (SSL) encryption for all of the traffic between our server and your browser. This protects your information in the unlikely event that a third party intercepts the data. As well, the digital ID allows your browser to verify our identity every time you visit our web site.
What you should do to aid in the protection of your information:
Browser
We strongly encourage the use of browsers that support 128-bit encryption. This is presently the strongest browser encryption level that is provided by both Microsoft ( www.microsoft.com ) and Netscape ( www.netscape.com ). The use of these browsers serves to further ensure that your data is safe from interception. The level of encryption you ultimately obtain is dependent upon your browser's capability.
Passwords
You should create passwords that are hard to guess. They should be at least 6 characters long and should contain numbers and letters in them, but not special symbols such as @, $, or *.
If at all possible you should refrain from the use of passwords that contain dates of birth for you or any member of your family, common names and words contained in the dictionary. Additionally, you should not use any part of your social security number or driver's license number.
You should never share your password with anyone. If you do, you will be held responsible for any transactions conducted on your account, whether you asked the person to initiate the transaction or not.
Please remember that representatives from the Credit Union will NEVER contact you by phone or e-mail and ask for your password. Should anyone initiate such a request, please contact us at (361) 986-4500 or 800-622-3631 and ask for our Information Systems Manager.
E-mail
You should refrain from e-mailing any personal data (member number, Social Security Number, etc.) to the Credit Union. E-mail may not be secured and is subject to interception by unauthorized individuals. Therefore, if you wish to communicate sensitive or personal information, you may want to send it by postal mail or contact us at (361) 986-4500 ext 2 or toll free at 800-622-3631 ext 2 and we will assist you.
|
