Privacy of Consumer Financial Information

PURPOSE AND OBJECTIVES
This policy reaffirms and formalizes our bank's realization of and respect for the privacy expectations and rights of our customers regarding financial information and other related information, which the bank has or gathers in the normal course of business. It is intended to provide guidance to bank personnel as well as assurance to our customers. We will also, of course, act in compliance with all applicable laws and regulations.

DEFINITIONS
Employee: For the purpose of this policy, it includes all directors, officers, and employees of the bank as well as any attorneys, agents, or outside vendors, who become privy to customer information.
Consumer: An individual who obtains or has obtained a financial product or service from a bank that is to be used primarily for personal, family, or household purposes, or that individual's legal representative. An example of a consumer would be a loan applicant. A consumer is not necessarily a customer.
Customer: A person who has established a continuing relationship with our bank. (For example, an approved loan applicant who signs a note would become a customer).
Nonpublic Personal Information: Personally identifiable information relating to a consumer, except when there is a reasonable belief that the information is publicly available. For example, the fact of a customer relationship with the bank, presumably, would be nonpublic personal information. It is only if personally identifiable information relating to a consumer is publicly available, that such information is excluded from nonpublic information.
Publicly Available Information: Any information that a bank has a reasonable basis to believe is lawfully made available to the general public from Federal, State, or local government records; widely distributed media; or disclosures to the general public that are required to be made by Federal, State, or local law. (For example, a published telephone directory, or the public record of real estate transactions.)

RESPONSIBILITY
The Board of Directors has the ultimate responsibility to appropriately establish and maintain this policy and assure that it is being observed in the daily operations of the bank. The Chief Executive Officer is responsible for carrying out this policy and making recommendations to the board of directors as to necessary or desirable changes to the policy.

PRIVACY PRINCIPLES
The bank recognizes the following eight elements of its privacy policy, which have become standard within the banking industry:

  1. Recognition of Customer's Expectation of Privacy
  2. Use, Collection and Retention of Customer Information
  3. Maintenance of Accurate Information
  4. Limiting Employee Access to Informat
  5. Protection of Information via Established Security Procedures
  6. Restrictions on the Disclosure of Consumer Information
  7. Maintaining Customer Privacy in Business Relationships with Third Parties
  8. Disclosure of Privacy Principles to Customers

RECOGNITION OF CUSTOMERS'S EXPECTATION OF PRIVACY
Customers of our bank are entitled to the absolute assurance that the information concerning their financial circumstances and personal lives, which the bank has obtained through various means, will be treated with the highest degree of confidentiality and respect. Certain expectations of privacy also contain legal rights of customers, which are either granted or confirmed, to them through various federal and state laws and regulations. All employees are directed by this policy to assure customers of the bank's commitment to preserving the privacy of their information. The bank will post a notice in all banking offices which contains an abbreviated version of this policy. That notice is included as part of this policy and is designed to be both a posted notice and a direct disclosure to customers under circumstances described later in this policy.

USE, COLLECTION AND RETENTION OF CONSUMER INFORMATION
It is the policy and practice of the bank to collect, retain and use information about consumers and customers (both individual and corporate) only where the bank reasonably believes the gathering of such information would be useful and allowed by law to administer the bank's business and/or to provide products, services or opportunities to its customers.

MAINTENANCE OF ACCURATE INFORMATION
Executive management has established procedures to ensure that, to the extent practicable, all customer financial information is accurate, current and complete in accordance with reasonable commercial standards. The bank will respond promptly and affirmatively to any legitimate customer request to correct inaccurate information, including forwarding of corrected information to any third party who had received the inaccurate information. The bank will further undertake to record that such corrective action was requested by the customer and follow up with any third party to ensure that they have processed the correction.

LIMITATION ON EMPLOYEE ACCESS
Executive management has taken steps necessary to ensure that only employees with a legitimate business reason for knowing personally identifiable customer information shall have access to such information. To the extent practicable, access will be limited to computer access codes and access will be limited to areas in which sensitive customer information is retained. Employees will be informed at the time of their initial employment of these standards and periodically reminded of these standards during training sessions at least once during each calendar year. Willful violation of this element of this policy will result in disciplinary action against the offending individual. Inadvertent violations will be dealt with in a manner to ensure that such violations are not repeated.

PROTECTION OF INFORMATION
The bank will maintain appropriate security standards and procedures to prevent unauthorized access to customer information. Such procedures should prevent access by not only unauthorized employees, but others as well. Such others include but are not limited to, all non-employees with otherwise legitimate reasons for being on bank premises, computer "hackers," and any intruders on bank premises.

DISCLOSURE OF PRIVACY PRINCIPLES TO CUSTOMERS
Disclosure of the privacy notice (appended as a part of this policy) shall be provided to customers initially and then annually thereafter. The notice will be given to all new loan applicants and to all new deposit account owners.

RESTRICTION ON THE DISCLOSURE OF ACCOUNT INFORMATION
We do not reveal specific information about customer accounts or other personally identifiable data to parties outside our affiliated banks and companies for their independent use unless: 1) requested or authorized by our customer; 2) the information is provided to help complete a transaction initiated by our customer; 3) the information is provided to a reputable credit bureau or similar information reporting agency; or 4) the disclosure otherwise is lawfully permitted or required. We do not provide account or personal information to non-affiliated companies for the purpose of independent telemarketing or direct mail marketing of any non-financial products or services of those companies.

EMPLOYEE EDUCATION AND TRAINING
Executive management will provide a copy of this policy to all bank employees. After any amendments or modifications to this policy have been duly adopted, a copy of the amended policy will also be given to each employee. At least once during each calendar year, the bank will conduct a meeting of all employees during which matters affecting customers' rights to privacy will be discussed. Such meetings will include discussions on the following:

  • The proper use of customer information.
  • Procedures for maintaining security of information.
  • The importance of confidentiality and customer privacy.
  • Any incidents, or patterns of behavior, which are covered under this policy.


  • RECORD KEEPING AND REPORTING
    Executive management will maintain a separate file for the purpose of retaining any customer complaints that relate to this policy. The information regarding any complaint should include the exact nature of the complaint, describe the corrective actions taken, and confirm that the corrective actions resolved the complaint.

    REVIEW OF POLICY
    The board of directors will make a review of this policy at least once each year and make any revisions and amendments it deems appropriate. The Chief Executive Officer will be responsible for suggesting more frequent revisions as situations or changes in laws or regulations dictate.

    MAY 1 2001