SunCorp places a high priority on security, and utilizes security measures to protect not just nonpublic personal information and information about “covered accounts” (as defined in Part 717), but all types of confidential information that it receives from its member credit unions.

Under Part 717 of the NCUA’s Regulations, SunCorp is deemed to be a “service provider” to its member credit unions.

Each credit union for which SunCorp is a “service provider” is hereby authorized to consider these statements to be a contractual agreement with SunCorp, or to be an amendment of any agreements or Schedules that the credit union has entered into with SunCorp.

• SunCorp agrees to utilize policies and procedures, developed by the corporate, that are designed to prevent, detect and mitigate the risk of security breaches that could result in a member of a credit union, or any other person, being exposed to identity theft. These policies and procedures will apply to all circumstances in which SunCorp processes or otherwise has access to confidential information, whether in connection with providing services for a “covered account” held at a credit union or otherwise.
• SunCorp agrees not to use nonpublic personal information about any credit union’s members, or about any other person, for any purpose other than those purposes for which the credit union disclosed the information to SunCorp, including servicing and processing of transactions in the ordinary course of business.
• SunCorp will utilize security measures that SunCorp deems to be appropriate for the protection of nonpublic personal information about credit union members and other persons, with particular attention to protection against unauthorized access to or unauthorized use of such information that could result in substantial harm or inconvenience to any credit union’s members or to any other person.
• If an incident occurs that involves unauthorized access to or unauthorized use of nonpublic personal information about any credit union’s members or about any other person, SunCorp will take actions that SunCorp deems to be appropriate, including notification to the affected credit union as soon as possible of any such incident.
• From time to time, if requested by a credit union, SunCorp will make available to the credit union information deemed by SunCorp to be appropriate as to the security measures, controls, systems and procedures that SunCorp uses for the protection of nonpublic personal information.
• SunCorp will utilize security measures designed to accomplish the proper disposal of nonpublic personal information held by SunCorp. If immediate deletion or disposal of the nonpublic personal information held by SunCorp is not feasible, then until the date when deletion or disposal of the information occurs, SunCorp will continue to utilize security measures designed to protect the information against unauthorized access and against unauthorized use.