π Privacy Rule: Teller Responsibilities
βStep Type: Text
βWhat learners will learn: How tellers apply GLBA Privacy Rule requirements in branch interactions.
βStep Description: This step explains teller duties under the GLBA Privacy Rule, including delivering privacy notices to customers, handling questions about privacy policies, determining permissible disclosures of nonpublic personal information (NPI), and escalating issues to management or compliance when guidance is unclear. The step provides clear procedures for interacting with customers while maintaining regulatory compliance.
βSummary of Content: Tellers practice understanding Privacy Notice delivery, permissible disclosures, responding to customer privacy questions, and escalation protocols for compliance.
βKey Topics Covered:
Delivery of GLBA Privacy Notices
Permissible disclosures of nonpublic personal information (NPI)
Handling customer privacy questions
Escalation when privacy guidance is unclear
β
π Safeguards Rule: Protecting NPI in Branch Operations
βStep Type: Scenario
βWhat learners will learn: Operational steps to protect customer data in teller interactions.
βStep Description: This step presents scenarios involving day-to-day branch operations where sensitive customer information must be protected. It covers workstation security, private conversation protocols, document handling procedures, and digital security measures. The scenarios require decision-making at multiple points to reinforce proper safeguarding practices and adherence to the GLBA Safeguards Rule.
βSummary of Content: Tellers practice securing workstations, managing paper documents, and applying digital safeguards in realistic branch situations.
βKey Topics Covered:
Screen visibility and workstation security
Conducting private conversations
Proper handling of paper documents
Following digital security protocols
β
π Handling Customer Opt-Out Requests
βStep Type: MultiChoice
βWhat learners will learn: How tellers recognize, document, and escalate customer requests to opt-out of information sharing.
βStep Description: This step presents scenarios in which customers exercise their rights to opt out of information sharing. It details how to identify opt-out requests, explain customersβ rights accurately, and follow the correct escalation procedures to management or compliance for processing and documentation.
βSummary of Content: Tellers reinforce correct identification, response, and escalation of opt-out requests according to GLBA requirements.
βKey Topics Covered:
Identifying customer opt-out requests
Explaining opt-out rights accurately
Escalation procedures for compliance
β
π Pretexting and Social Engineering Awareness
βStep Type: True or False
βWhat learners will learn: How to recognize and respond to attempts to obtain NPI via deceptive methods.
βStep Description: This step provides guidance on recognizing and responding to deceptive attempts to obtain customer information, including phone calls, emails, or in-person requests. It emphasizes identifying red flags, verifying identities before disclosing information, refusing inappropriate requests, and escalating suspicious interactions according to internal policies and GLBA requirements.
βSummary of Content: Tellers learn to identify social engineering, verify identities, refuse inappropriate requests, and escalate suspicious activity.
βKey Topics Covered:
Recognizing pretexting or social engineering attempts
Identity verification best practices
Escalation of suspicious requests
Regulatory rationale under GLBA
β
π Record Disposal and Security
βStep Type: Streak
βWhat learners will learn: Proper procedures for securing and disposing of physical and electronic customer information.
βStep Description: This step covers procedures for securing and disposing of both physical and electronic customer records. It outlines locking computer screens and devices, properly storing paper documents, shredding sensitive information, and following digital security protocols to protect NPI from unauthorized access, consistent with the GLBA Safeguards Rule.
βSummary of Content: Tellers learn how to lock screens, secure documents, and shred records, maintaining GLBA Safeguards Rule compliance.
βKey Topics Covered:
Locking computer screens and devices
Securing paper documents
Shredding and proper disposal procedures
Protecting NPI from unauthorized access
β
π Escalation Protocols for Suspicious Information Requests
βStep Type: Scenario
βWhat learners will learn: When and how to escalate suspicious or potentially non-compliant requests for customer information.
βStep Description: This step presents branching scenarios where suspicious requests for customer information are encountered. It details how to recognize red flags, follow internal escalation chains, document incidents properly, and involve management or compliance as required to maintain regulatory compliance under GLBA Privacy and Safeguards Rules.
βSummary of Content: Tellers review escalation chains, recognize red flags, and document incidents in accordance with regulatory expectations.
βKey Topics Covered:
Recognizing suspicious NPI requests
Escalation to management or compliance
Documentation of incidents
Alignment with GLBA Privacy and Safeguards Rules
β