Privacy & Security

Consumer Online Privacy Policy

Our Collection of Information About You. We may collect nonpublic personal information about you in order to understand your needs, administer our business, process transactions, and provide you with products and services. We obtain nonpublic personal information about you from the following sources:

• Information we receive from you on applications or other forms (such as your name, address, social security number, assets and income);
  
• Information about your transactions with us, our affiliates, or others (such as your account balance, payment history, parties to transactions, and credit usage); and
  
• Information we receive from a consumer reporting agency (such as your creditworthiness and credit history).
  

Our Disclosure of That Information.

Joint Marketing Arrangements  We may disclose some or all of the information we collect, as described above, to nonaffiliated financial institutions with whom we have joint marketing agreements, such as securities broker-dealers, insurance agents and card issuers, so that they can market goods and services to you.

Our Service Providers  We may disclose some of the information described above, such as your name and address, to companies that perform marketing and other services on our behalf (e.g., to companies that assist us with mailings).

Use by Affiliated Companies for Non-Marketing Purposes  We may provide information regarding our experience and transactions with you to financial service providers (e.g., financial institutions, securities broker-dealers, and insurance agents) and others (e.g., Zions Bancorporation and Zions Management Services Corporation) with which we are related by common ownership or affiliated by corporate control ("affiliates"). Our affiliates currently include those listed below.

We also may share other information we obtain about you with our affiliates (e.g., information from applications and credit reports), unless you notify us before the information is initially communicated that you do not want us to share that information. You can tell us not to share such information by calling us at (866) 299-3339.

Use by Affiliated Companies for Marketing Purposes  Some or all of the information described above that we provide to our affiliates may be used by them to market products and services to you.

You may limit our affiliates, such as our bank, credit card, insurance, and securities affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes, for example, your income, your account history with us, and your credit score.Your choice to limit marketing offers from our affiliates will apply for at least 5 years from when you tell us your choice. Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for at least another 5 years. If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice.

To limit marketing offers, contact us by telephone at (866) 299-3339.

Others  We may disclose information about you, your accounts and transactions: (a) where it is necessary or helpful to effect, process or confirm your transactions; (b) to verify the existence, history and condition of your account for credit reporting agencies; (c) to comply with legal process, such as subpoenas and court orders; (d) to law enforcement authorities if we believe a crime has been committed; (e) if you give us your consent; and (f) as otherwise permitted by law.

We do not disclose nonpublic personal information about our current or former customers to others, except as set forth in this policy.

State Rights  Depending on where you live, you may have additional privacy protections under some state laws. For example, certain state laws may restrict the types of information we may disclose about you, limit the parties with whom we may share such information, or require us to provide you with additional notices or opt-out rights. We will comply with applicable state laws before sharing nonpublic personal information about you. We may do this by sending a separate notice of those rights to you.

Maintaining Accurate Information  We have procedures in place that help us to maintain the accuracy of the personally identifiable information that we collect. Please contact your branch of account, representative or call our customer service center at (800) 400-6080, if you believe that our information about you is incomplete, out-of-date, or incorrect.

If you are an online customer of ours, visit our website at www.calbanktrust.com to review and correct information about yourself, such as a change in your name, address or e-mail address.

Information Security  We restrict access to nonpublic personal information about you to those employees who have a need to know such information (e.g., to process your transactions or provide services to you). We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Links to Other Web Sites  Our web site may feature links to third party web sites that offer goods, services or information. Some of these sites may appear as windows-within-windows at this site. When you click on one of these links, you will be leaving our site and will no longer be subject to this policy. We are not responsible for the information collection practices of the other web sites that you visit and urge you to review their privacy policies before you provide them with any personally identifiable information. Third party sites may collect and use information about you in a way that is different from this policy.

Services and Advertisements by Third Parties  Third parties may offer services from time to time at our web site. If you provide them with information, their use of that information will be subject to their privacy policy, if any, and will not be subject to this policy. If you accept third party goods or services advertised at our web site, the third party may be able to identify that you have a relationship with us (e.g., if the offer was only made through our site).

Minors  We feel strongly about protecting the privacy of children and teenagers. As such, we do not knowingly collect personally identifiable information from minors through our web site.

Changes to this Policy  We may add to, delete, or change the terms of this Privacy Policy from time to time by posting a notice of the change (or an amended Privacy Policy) at this web site. If required by law, we will send you a notice of the change. Your continued use of our web site or any online service following notification will constitute your agreement to the revised Policy.

Questions. If you have any questions regarding this Policy, you can call us at (866) 299-3339.

List of Affiliates:

(Revised April 2008)

Email and Internet Related Fraudulent Schemes

Identity Theft: 11 Ways to Safeguard Your Identity

1. Many unauthorized transactions are committed by those close to you or those with access to your residence and are crimes of opportunity. Keep personal information, including PIN numbers, checks, bank statements, credit cards and statements, and brokerage and mortgage account information safe. Consider using a locking file cabinet at home to store such financial information. Never write your PIN number on your access card, and try to avoid using PINs that are easily guessed by those who know you such as addresses, birthdays and other important dates.

2.Take care disposing of documentation containing personal or financial information. Shred all papers with confidential information before throwing them away, especially bank and credit card statements and anything with your preprinted name and address, like credit card and mortgage refinance solicitations.

3. Mail is a target of identity thieves. They steal mail and alter the payee and amount of a check, or use the account information to generate counterfeit checks. Don't use your home mailbox to send payments or correspondence with confidential information. Hand your mail directly to your postal agent, use the Post Office, or drop them in an official Post Office box. Consider subscribing to an online banking service for bill paying for added security.

4. Don't carry all your financial resources on your person. Limit the number of credit cards you carry in case your purse or wallet is lost or stolen. Report any loss immediately to your credit card provider. Never carry your social security card or number on you.

5. Pay close attention to your billing and bank statements. Check your bank and credit card statements as soon as they arrive and immediately dispute any unauthorized charges or transactions. You are the only one who knows whether a charge or transaction is authorized. Most banks follow the industry standard of 'bulk filing' checks, which means that incoming items are not reviewed for authenticity or alteration, or to verify that the signature on the check is authorized. Your bank or creditor will disclaim liability for continuing unauthorized charges or transactions if they can show you were mailed a statement and failed to act promptly in giving notice of unauthorized activity and, as a result, additional charges could have been stopped.

6. Question any request for your driver's license number or Social Security number. While you may be asked for additional identification, such as a driver's license, when writing a check or using a credit card, many states (including California) prohibit a merchant from recording such information. Never have your SSN or driver's license number printed on your checks.

7. Know the policies of those with whom you do business. Ask for and review the privacy policies of the companies with whom you do business. Opt out of any information sharing that makes you uncomfortable.

8. Online banking safety. When using DirectNETSM Online Banking or CBT Connect to monitor your accounts, change your passwords often and try to avoid obvious guesses for a password. If you leave your computer while conducting online banking, log out of the program or insure that a password protected screen saver engages after a brief time of inactivity.

9. Be suspicious of unsolicited offers. Be wary of mail, telephone or e-mail requests for you to verify personal information, particularly if you did not initiate the contact. Such unsolicited inquiries are called "Phishing." Identity thieves represent themselves as legitimate entities, such as the FDIC or VISA?, and rely on your assumption that requests for your information from these recognized names are legitimate. Moreover,

• Do not reply to e-mails requesting personal information. To be safe, do not even open e-mails from unknown senders.
  
• Respond to telephone requests for information by asking the caller to make their request in writing. If they don't already have your address, don't provide it.
  
• Call the companies who send requests to you for your personal information and confirm the request is legitimate.
  

10. Other Scams. There are many ways individuals become victims, not only of identity theft but, of numerous other scams, as well. Some of the more well known include:

• Nigerian Fraud. Individuals are contacted by one promising a cut of a large fortune if the individual helps get money out of the foreign country. Such a scam often requires money from the victim, as well as disclosure of bank account information into which the "fortune" will be wired. Your funds will never be seen again.
  
• Nigerian Fraud II. Currently, thieves are putting money up front. They promise the victim 10% of a large amount if the victim will only deposit delivered funds into his/her account and wire the funds out as soon as possible. The most common currency is USPS money orders, which are subsequently returned as counterfeit items, resulting in a large overdraft to your account for which your bank will hold you responsible.
  
• E-bay and other online sales. Beware of selling merchandise over the Internet if your purchaser wants to pay you more than your asking price. The purchaser will offer to pay you substantially more and ask you to wire the overpayment elsewhere. When the purchasers check is returned as counterfeit, you've not only lost your property, but have a large overdraft to resolve with your bank.
  
• Canadian Lottery. They mail you a letter advising that you've won a lottery you haven't even entered. The catch is that you have to send them 'administrative fees' to process your winnings, usually in the $3,000-$5,000 range. To cover this, they will send you a check, which they ask that you deposit and wire back to them. The check is counterfeit, the money is gone, and you've got an overdraft to resolve with your bank.
  

The United States Postal Service carries regular alerts on consumer scams on its Website, USPS, as does the Federal Trade Commission, FTC, and the Better Business Bureaus, BBB. They are well worth your time to review. A good rule of thumb to remember is, "if it seems too good to be true, it probably is."

11. Be vigilant. Check your bank account activity frequently and check your credit report at least annually. This will allow you to discover unauthorized activity early, before substantial damage to your financial reputation can be done.

If you become a victim of identity theft:

• Contact the bank immediately.
  
• Have your credit cards canceled immediately. Investigate any unfamiliar charges.
  
• File a police report. Once you have it, contact the three credit reporting agencies and begin verifying and disputing any entries that were not authorized by you. The three credit reporting agencies are:
  

Equifax
1 (800) 525-6285
Equifax
P.O. Box 740250
Atlanta, GA 30374
Email: businessrecordsecurity@equifax.com

Experian
1 (888) 397-3742
Experian
P.O. Box 1017
Allen, TX 75013
Email: BusinessRecordsVictimAssistance@experian.com

TransUnion
1 (800) 680-7289
Transunion
P.O. Box 6790
Fullerton, CA 92634

* Report all suspicious emails or calls to the Federal Trade Commission through the Internet at Consumer ID Theft, or by calling 1-877-ID-THEFT (877-438-4338).

For more tips on how to prevent identity theft, as well as what else to do if your identity is stolen, contact the Federal Trade Commission at 1-877-IDTHEFT (438-4338), visit Consumer ID Theft or speak to a representative at your local California Bank & Trust branch.

Identity Theft: Don't Be an On-line Victim -
How to Guard Against Internet Thieves and Electronic Scams

Protecting Your Business: Working with Your Business to Prevent Fraud

Know your employees.

• Establish and maintain a system of dual controls in your office on blank checks, invoices, and accounts receivable. Do not allow the same person that reconciles your bank statement to also issue checks against the account.
  
• Store check stock in a locked cabinet accessible only to authorized personnel.
  
• Check the references of employment applicants, confirm employment dates, and look for time gaps on resumes.
  
• Consider performing a background check on employees with access to bank accounts, financial statements, online banking services and other sensitive company information.
  
• If you use temporary employees, make sure the agency you use to staff sensitive positions represents that they have performed background and/or reference checks on individuals they place with your company.
  
• Never sign blank checks.
  
• Check all payments against invoices to confirm the invoice is legitimate and the services are authorized.
  
• Review and reconcile bank statements in a timely manner.
  
• Regularly test or audit compliance with policies and procedures.
  

Minimize your risk to check fraud and counterfeiting.

• Use an established check printer that includes security features on checks, such as artificial watermarks, a warning band that calls attention to security features, and micro printing that copiers and scanners cannot easily duplicate.
  
• Keep check stock in a secure location accessible only to authorized personnel.
  
• Consider subscribing to a Cash Management product, so that your review of account activity can be frequent and timely and reduce the risk that a forged, altered or counterfeit check will pay against your account.
  
• Shred all materials that contain bank account or other sensitive information, or dispose in a secure bin to be shredded by a professional service at regular intervals.
  
• Hand outgoing mail directly to a postal agent, use the Post Office, or drop them in an official Post Office box.
  
• Consider opening a post office box for your business to receive its mail.
  
• Monitor your accounts payable and accounts receivable closely. If you receive a past due bill on an invoice you know you have paid, your payment may have been stolen and your account information is now in the hands of a counterfeiter or one who may alter and negotiate the item. Don't ignore your past due receivables. Your customer may have mailed you a check that has been intercepted and converted or counterfeited.
  

Secure your business premises.

A secure physical environment deters fraud. At a minimum you should:

• Keep sensitive files and check stock under lock and key and limit access to those areas to authorized and trusted employees only.
  
• Monitor the assignment of keys and establish dual controls for critical functions.
  
• If possible, keep sensitive operations separate from the part of your business where the public, delivery persons, janitors and others have access, and restrict access to these areas to authorized personnel.
  

Technology breaches.

• Install firewalls to protect computer networks and control the flow of data.
  
• Install virus protection software on computers and servers.
  
• Do not open e-mail attachments from unknown senders.
  
• Limit access to company data to those employees who need the information and access to perform their job duties. Assign passwords and make it a policy that passwords be changed frequently.
  
• Do not publish confidential company information on your Website.
  
• Check out the companies with which you do business to assure their legitimacy, particularly if they are to have access to secure locations on your Website to conduct business.
  

Beware of Phishers.

• Adopt a policy that all outside inquiries regarding the company be referred to a principal or executive of the business.
  
• Do not respond to requests to verify the identification number on printers, fax machines or copy machines. Scam artists use this information to generate a billing to your business for services not rendered.
  
• Review all invoices before payment to confirm that the services were authorized.
  

By implementing and observing these, among other, sound business practices, you will not only minimize the risk to your own company of certain controllable losses, you will better protect your own customers' identities and confidential information, as well.

For more information on identity theft and how it may impact your business, contact the Federal Trade Commission:

Federal Trade Commission
CRC-240
Washington D.C. 205801
(877) FTC-HELP1
(877) 382-4357
FTC