The Wichita Falls Federal Credit Union is committed to meeting all the financial needs of its members without compromising the valued relationship we have with our members. The Directors, management, and staff of the Credit Union acknowledge that our member's trust and confidence in the Credit Union is our highest priority. In their daily transactions and dealings with us, our members furnish us sensitive and confidential information. We are committed to protecting our member's privacy provisions. To ensure that our members continue their trust in our Credit Union, we adopt the following policy.
Wichita Falls Federal Credit Union shall comply with all NCUA Privacy Rules and all applicable state privacy laws affecting us. The Credit Union management shall be responsible for ensuring that all Directors and staff are properly trained in the various privacy laws affecting the Credit Union. The management of the Credit Union shall ensure that the Credit Union has fully complied with all privacy laws.
The Credit Union will maintain physical, electronic, and procedural safeguards that comply with federal standards to guard members' nonpublic information.
The Credit Union will not gather, collect, or maintain any information about its members that is not necessary in order to offer its products and services, to complete member transactions, or for other relevant business purposes.
The Credit Union will only share information when absolutely necessary. We will only share information to administer the products and services we provide when required to do so by the government or when we partner with other businesses to offer a broader array of products and services.
We will partner only with businesses that follow strict confidentiality requirements. The businesses we select will offer products designed to enhance our member's economic welfare. Under no circumstances will we authorize these firms to charge your account without your expressed consent. The Credit Union will never sell member information to telemarketing firms.
Information Security Program
Management of Wichita Falls Federal Credit Union shall be responsible for developing, implementing, and maintaining an effective information security program to:
- ensure that security and confidentiality of member records and information;
- protect against any anticipated threats or hazards to the security or integrity of such records, and
- protect against unauthorized use of such records or information that would result in substantial harm or inconvenience to any member.
Management shall regularly (no less that annually) report to the board on the current status of the Credit Union's information security program.
Assessment of Risk
In order to assess the risks that may threaten the security, confidentiality, or integrity of member information or member information systems, the Credit Union shall:
- Identify all reasonably foreseeable internal as well as external threats that can result in unauthorized disclosure, misuse, alteration, or destruction of member information of member information systems.
- Determine the likelihood as well as potential damage of the internal and external threats.
- Determine the sufficiency of the Credit Union's policies, procedures and member information systems to control the identified risks.
Management and Control of Risk
In order to manage and control the risks that have been identified, the Credit Union shall:
- Limit access to the Credit Union's member information system to authorized employees only.
- Ensure that employees do not provide member information to unauthorized individuals.
- Limit access at the Credit Union's physical location containing member information; such as buildings, computer facilities, and records storage facilities to authorized individuals only.
Provide encryption of electronic member information including, but not limited to, information in transit or in stage on networks or systems to which unauthorized individual may have access.
Ensure that member information system modifications are consistent with the Credit Union's information security program.
Implement dual control procedures, segregation of duties for employees with responsibilities for, or access to, member information.
Monitor the Credit Union's systems and procedures to detect actual and attempted attacks on or intrusions into the member information systems.
If the Credit Union suspects or detects that unauthorized individual have gained access to member information systems, including appropriate reports to regulatory and law enforcement agencies.
Implement measures to protect against destruction, loss, or damage of member information due to environmental hazards, such as fire and water damage or technical failures.
Regularly monitor, evaluate, and adjust as appropriate, the information security program in light of any relevant changes in technology, and internal or external threats to the Credit Union's information security systems.
Ensure that all contracts with service providers contain appropriate provisions requiring the service providers to protect the confidentiality of the Credit Union member's nonpublic personal information.