QUESTIONS AND ANSWERS SURE A+
✔✔The parties and situations that are covered by the Rules - ✔✔-Traditional car
dealers.
-All dealers who are "financial institutions" under the GLB.
-Natural persons who obtain financing products for family, personal or household
purposes.
-When an individual applies for credit, regardless of whether credit is extended.
✔✔Privacy Rule requirements - ✔✔1. You must provide certain notices: notify
customers about its privacy policies & practices
2. Your right to use Customer Information is limited
3. You also must allow the consumer to impose more restrictions
✔✔Nonpublic Personal Information (NPI) - ✔✔Any "personally identifiable financial
information" that a financial institution collects about an individual in connection with
providing a financial product or service, unless that information is otherwise publicly
available.
✔✔Definition of "consumer" under the Privacy Rule - ✔✔Someone who obtains or has
obtained a financial product or service from a financial institution that is to be used
primarily for personal, family, or household purposes, or that person's legal
representative. The term "consumer" does not apply to commercial clients, like sole
proprietorships.
✔✔What it means for a consumer to "opt out"? - ✔✔Once told that his/her NPI might be
sold to a third party that isn't directly related to the immediate transaction, the customer
must be given the option to decline having his or her information sold (called "opting
out")
✔✔The conditions under which a privacy notice must be issued - ✔✔-An initial privacy
notice is required only if the dealer intends to share this information with a non-affiliated
third party.
-You must deliver your privacy notices to each consumer or customer in writing, or, if
the consumer or customer agrees, electronically.
-Notices given orally or posted in your office(s) don't comply with the rule.
✔✔The entity responsible for issuing notices during the repayment period of the
installment sale or consumer lease agreement: - ✔✔The financial institution that is
assigned the contract; or the entity in which the consumer relationship exists.
✔✔The information that must be included in the privacy notice - ✔✔-The categories of
NPI that you collect
-The categories of NPI that you disclose
-The categories of affiliates & non-affiliated third parties to whom you disclose NPI
-The categories of NPI about your former customers that you disclose & the categories
of affiliates and non-affiliated third parties to whom you disclose NPI
-A separate statement of the categories of information you disclose and the categories
of third parties with whom you have contracted
-An explanation of the consumer's right to opt-out of certain disclosures of NPI to
non-affiliated third parties
-A Fair Credit Reporting Act disclosure
-A statement regarding your information safeguards policies and practices
✔✔The rules regarding when it is permissible to share NPI with a nonaffiliated third
party - ✔✔-The notices must be delivered whether the NPI is shared with unrelated
entities or not.
-The financial institution to which the loan is assigned is required to provide annual
notices regarding its policy pertaining to the sharing of NPI until the funding agreement
has been retired.
✔✔How to obtain safe harbor protection - ✔✔Dealers using the FTC's final model notice
will enjoy a "safe harbor" as long as they don't make any changes or include any
variations in the model form.
✔✔The purpose of the Safeguards Rule - ✔✔1. To insure the security and
confidentiality of Customer Information
2. To protect against any anticipated threats or hazards to the security and/or integrity of
Customer Information
3. To protect against any unauthorized access to or use of Customer Information that
could result in substantial harm or inconvenience to any customer.
✔✔What constitutes "customer information" under the Safeguards Rule? - ✔✔Any
record containing non-public personal information about a customer of the dealership,
whether in paper, electronic, or other form, that is handled or maintained by or on behalf
of the dealership or its affiliates.
✔✔What does the Safeguards Rule require of dealerships? - ✔✔1. You must designate
an employee or employees to coordinate your information security program.
2. You must identify reasonably foreseeable internal and external risks to the security,
confidentiality, and integrity of Customer Information that could result in its unauthorized
disclosure, misuse, alteration or destruction.
3. You must develop and implement Customer Information safeguards to control the
risks you identify through the risk assessment.
4. You must oversee service providers who take possession of Customer Information.
5. You must evaluate and adjust your information security program.
✔✔When and how should customers be notified if unauthorized access to sensitive
information occurs? - ✔✔The Final Guidance on Response Programs requires
customer notification if it's determined that misuse of the information has occurred or
that it's reasonably possible it will occur.
✔✔What does the Disposal Rule require? - ✔✔Requires entities that possess consumer
information to properly dispose of such information by taking reasonable measures to
protect against unauthorized access to, or use of, this information.
✔✔(True/False) In short, the use of any or a portion of the customer information
provided while completing a credit application should be considered nonpublic personal
information. - ✔✔True
✔✔What types of transactions are subject to the Gramm-Leach-Bliley Act? - ✔✔-Consumer Leases
-Installment Sale Agreements on vehicles for personal, household or family use
✔✔Under the _______ Rule, 1) a customer must receive certain notices, 2) a
dealership's right to use customer information is limited, and 3) a dealership must allow
the customer to impose more restrictions (such as opting out). - ✔✔Privacy
✔✔The Safeguards Rule applies to customer information in _______ form. - ✔✔Paper
& Electronic
✔✔(True/False) According to AFIP's suggested best practices, an initial privacy notice
should be issued to any individual whose nonpublic personal information will be used to
solicit a willing funding source. - ✔✔True
✔✔(True/False) The Gramm-Leach-Bliley Act addresses the use and protection of
consumers' nonpublic personal information. - ✔✔True
✔✔Best practices dictate that creditors protect NPI from whom? - ✔✔Customers &
Consumers
✔✔Which two Rules implement the Gramm-Leach-Bliley Act? - ✔✔Safeguard & Privacy
Rule
✔✔As long as the required elements of the privacy notice are disclosed to the
customer, the information can be given to the customer _______. - ✔✔In writing
✔✔(True/False) While many states have their own privacy notice requirements,
dealerships may ignore those when drafting their privacy notices because the federal
law about privacy notices always trumps state law. - ✔✔False