The Columbia Bank board of directors recognizes that in the financial services industry there is a common interest in protecting consumer and customer data. The privacy of nonpublic personal information is a significant concern when assessing internal controls, procedures, and security programs of Columbia Bank. To minimize privacy breaches, we need to ensure that consumers are aware of Columbia Bank privacy policies and practices and the general types of procedures used, to provide consumers with choices about collection of such information, and allow a "free flow" of information. Senior management and the board of directors have adopted a specific privacy notice to communicate the data sharing policies of the bank and to effectively meet specific regulatory requirements. The notice will assist consumers and customers with long standing relationships with our bank in understanding the risks of information privacy. The notice will also provide each consumer with insights on our data sharing methods.
Through proper communication and by carefully monitoring all facets of transactions entered into, our customers and our institution will benefit. Our primary goal is to protect the privacy of consumers and our customers and, therefore, the integrity of the institution. The purpose of this policy includes setting the institution's privacy objectives and guidelines to ensure that various banking activities are conducted in a controlled and successful manner to protect consumer data.
Nonpublic personal information is nonpublic information about a customer that we obtain in connection with providing a financial product or service. For example, personal information includes information regarding an account balance, payment history and overdraft history.
We may disclose nonpublic personal information to our corporate affiliates and other nonaffiliated third parties under certain circumstances to provide account services. Any nonpublic personal information shared is done so in strict adherence to applicable law. We do not disclose any nonpublic personal information to anyone, except as permitted under law. In order to provide our customers with products or services that we believe may meet their financial needs, we may exchange limited nonpublic personal information with nonaffiliated firms that conduct marketing services on our behalf, or with other financial institutions in order to offer financial products or services pursuant to a joint agreement.
Such information includes:
Information we receive from customers on an application or other forms, such as name, address, social security number, assets and income;
Information about transactions with us, our affiliates or others, such as account balance, payment history; and
Information we receive from a consumer reporting agency, such as information relating to creditworthiness and credit history.
The general objectives of this policy are to:
This policy is not designed to act as a substitute for sound risk analysis or judgment; the primary objective of the policy is to serve as a reference and guide to bank management and staff involved in administering Columbia Bank products and services affected by consumer information.
The specific goals of the policy are to:
Definitions used in this policy are consistent with terms and information used in industry documents and regulatory issuances related to privacy elements in the financial services industry as well as electronic commerce. Significant definitions that may be of assistance in implementing and addressing the requirements of this policy are provided as Attachment A.
To assist each Columbia Bank customer (existing or potential) in understanding general banking and specific electronic banking online security and privacy issues, a privacy disclosure notice will be created. This notice will also provide each consumer with an explanation as to the information we collect and what information we disclose. This statement will reflect the bank's consumer privacy principles.
On an annual basis, Columbia Bank will provide to those customers with a continuing customer relationship a customer privacy notice. This notice must be provided in a clear, conspicuous manner to each customer. However, it is acceptable to provide a single notice for joint accountholders.
The bank will not disclose directly, or through any affiliate, any nonpublic personal information about a consumer to a nonaffiliated third party unless the bank has provided the consumer with an initial notice.
Management and staff have been assigned password and identified codes that provide for levels of information access. Employees of Columbia Bank have a need to work with information, but are not granted free access to all types of personal information outside the "need to know to do their job" requirements. Employees should refer any unusual requests for information about customers to their supervisors.
Formal procedures will be developed by departments to document receipt of any customer privacy complaint, privacy exception or privacy security violation for follow-up. Departments will retain documents on file following resolution of complaints, exceptions or security violations on privacy.
Vendors and other independent third parties that provide support or services in conjunction with Columbia Bank's banking activities will be required to have confidentiality clauses in their service contracts. These clauses will bind the parties to the same standards and level of data confidentiality and controls as those instituted by Columbia Bank. Each vendor or third party that provides support services will be asked to provide proof of bonding or insurance.
No part of the privacy regulations should be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act. State laws that are not consistent with the provisions of this policy and which provide greater protection to consumers will take precedence.
Columbia Bank's internal audit department is charged with responsibility for an annual in-depth review of all consumer privacy matters.
Audit reports will be issued to Columbia Bank's impacted departments, and the audit committee of Columbia Bank's board of directors.
Any company that controls, is controlled by, or is under common control with another company.
The process of proving the claimed identity of an individual user, machine, software component, or any other entity.
Process of determining what types of activities are permitted. As a general practice, authorization is used in conjunction with authentication; once authenticated as a user, there may be authorized levels of access or types of activity.
A notice of information that is reasonably understandable and designed to call attention to the nature and significance of the information contained in the notice. For example, information contained in the notice would be in clear, concise sentences, paragraphs, and sections. Short explanatory sentences and bullet lists would be used where possible. Other specific insights and guidelines are provided as part of the regulation.
The process of obtaining information that is organized or retrievable on a personally identifiable basis, regardless of the source of the underlying information.
Any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization.
An individual who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes, or that individual's legal representative. The regulation provides insight on methods in which a financial institution may obtain nonpublic personal information.
Same as the definition in the Fair Credit Reporting Act (15 USC 1681a(f)), which defines it as anyone who might render a consumer report as defined by the act. Consumer reports are usually defined as reports, written or oral, that provide insights on a consumer's credit standing, character, credit capacity, general reputation, personal characteristics, or mode of living.
Control of company will exist if one of the following occurs
Principles, techniques, and methods for rendering information unrecognizable and then for restoring encrypted information to intelligible form.
A consumer who has a customer relationship with a financial institution, per regulatory guidelines.
A continuing relationship between a consumer and financial institution under which the institution provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. Specific examples are provided in the regulation, which sets out what would be a continuing consumer relationship versus a relationship that no longer exists.
The process of scrambling data by a device or encoding principle (mathematical algorithms) so that the data cannot be read without the proper codes for unscrambling the data.
Any institution the business of which is engaging in activities that are financial in nature or incidental to such financial activities as detailed in section 4(k) of the Bank Holding Company Act of 1956 (12 USC 1843(k)).
Any product or service that a financial institution could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under section 4(k) of the Bank Holding Company Act of 1956 (12 USC 1843(k)).
Includes a bank's evaluation, brokerage, or distribution of information that the bank collects in connection with a request or an application from a consumer for a financial product or service.
One of the eight federal regulatory agencies responsible for enforcing the act, as well as state insurance authorities.
Personally identifiable financial information; and any list, description, or other grouping of consumers (and publicly available information that is derived using any personally identifiable financial information). Nonpublic personal information would not include any list, description, or other group of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information.
Unique word or string of characters that a programmer, computer operator, or user must supply to satisfy security requirements before gaining access to a system or data.
Any information that is provided by a consumer to a financial institution with regard to a financial product or service from the institution; results from any transaction involving a financial product or service between the institution and the consumer; or that is otherwise obtained about a consumer in connection with providing a financial product or service to that consumer.
A reasonable basis to believe that information is lawfully made available to the general public exists if the bank has taken steps to determine that the information is of the type available to the general public and whether an individual can direct that the information not be made available, and if so, that the consumer has not done so.
A sequence of digits used to verify the identity of a device holder.
With respect to a payment system, the principle that no information that might permit determination of transactions may be collected without the consent of the counterparties involved.
Any information that is lawfully made available to the general public from federal, state, or local government records, widely distributed media, or disclosures to the general public that are required to be made by federal, state, or local law.
Monitoring of activity as it occurs rather than storing the data for later review.
Collection of an entity's home page and other proprietary pages located on the World Wide Web.