Amendment to Engagement Letter Between PricewaterhouseCoopers LLP and E-LOAN, Inc. Regarding Audit Report Usage

Contract Categories: Business Finance Modification Agreements
Summary

This agreement amends the prior engagement letter between PricewaterhouseCoopers LLP and E-LOAN, Inc. It specifies that the existing audit report for E-LOAN, dated November 17, 2001, may only be used or displayed on E-LOAN’s website for 180 days from the report date. After this period, the report must be removed unless a new privacy compliance audit is underway. All other terms of the original engagement letter remain unchanged, except for previously revised fees. The agreement is signed by both parties to confirm their acceptance of these terms.

Read More Arrow
EX-10.7 8 c20960_ex10-7.txt LETTER TO MATTHEW ROBERTS Exhibit 10.7 [GRAPHIC] PricewaterhouseCoopers LLP 333 Market Street San Francisco CA 94105-2119 Telephone ###-###-#### Facsimile ###-###-#### February 12, 2001 Matthew Roberts Chief Financial Officer E-LOAN, Inc. 5875 Arnold Road Dublin, CA 94568 Dear Mr. Roberts: This letter reflects our agreement to amend our engagement letter of June 22, 2000 with E-LOAN (the "Company") in the following respect. The existing audit report dated November 17, 2001 and currently displayed on the E-LOAN US web site, www.eloan.com, will be effective for a period of 180 days from the date of our report and may not be used or distributed after such date. The Company agrees that our report and any references thereto will be removed from the Internet no later than such date, unless a subsequent privacy compliance audit to provide a "refreshed report" are in the process of being performed. All other provisions of our engagement letter of June 22, 2000 with the Company remain unchanged, with the exception of the fees that have been revised as reflected in the amendment to our engagement letter dated August 29, 2000. If you have any questions, please call Todd Roof at ###-###-#### or Julianne DiFonzo at ###-###-####. Please have one copy of this letter signed in the space provided below acknowledging your agreement and return it to us. Very truly yours, /s/ J. TODD ROOF - ---------------- J. Todd Roof Partner PricewaterhouseCoopers LLP Exhibit 10.7 The services and terms as set forth in this letter are agreed to. E-LOAN By: /s/ MATT ROBERTS /S/ STEPHANY FORTNER ----------------------------------------------- (Matthew Roberts) CFO ----------------------------------------------- (Chief Financial Officer) FEB 12, 2001 ----------------------------------------------- (Date) -2- Exhibit 10.7 EXHIBIT I: SAMPLE ASSESSMENT CRITERIA Note: These assessment criteria are taken from the AICPA's WebTrust 3.0 On-Line Privacy program. A. Disclosures 1. E-LOAN Inc. discloses on the E-LOAN.com US web site, www.eloan.com, its information privacy practices. These practices include, but are not limited to, the following disclosures: o The specific kinds and sources of information collected and maintained; the use of that information; and possible third party distribution of that Information; o Choices regarding how personal information collected from an individual online may be used and/or distributed. Individuals are given the opportunity to opt out of such use by either not providing such information or denying its distribution to parties not involved with the transaction; o Sensitive information needed for the electronic commerce transaction. Individuals must "opt-in" before this information is gathered and transmitted; o The consequences, if any, of an individual's refusal to provide information or of an individual's decision to opt-out (or not opt-in) of a particular use of such information; and o How personal information collected can be reviewed and, if necessary, corrected or removed. 2. If the E-LOAN.corn US web site uses cookies or other tracking methods (e.g. web bugs and middleware), E-LOAN discloses how they are used. If the customer refuses cookies, the consequences, if any, of such refusal are disclosed. 3. E-LOAN discloses its procedure for individuals, companies or other users to inform the entity about breaches or possible breaches to the privacy and security of its electronic commerce system(s). 4. E-LOAN discloses information to enable customers to contact it for questions or support. 5. E-LOAN discloses its procedures for consumer recourse for issues regarding privacy that are not resolved by E-LOAN. These complaints may relate to -3- Exhibit 10.7 collection, use and distribution of private information, and the consequences for failure to resolve such complaints. This resolution process should have the following attributes: o E-LOAN's commitment to use a specified third party dispute resolution service or other process mandated by regulatory bodies in the event the customer is not satisfied with E-LOAN's proposed resolution of such a complaint together with a commitment from such third party to handle such unresolved complaints. Procedures to be followed in resolving such complaints, first with E-LOAN and, if necessary, with the designated third party. o A description of what use or other action will be taken with respect to the private information, which is the subject of the complaint, until the complaint is satisfactorily resolved. 6. E-LOAN discloses any additional privacy practices needed to comply with applicable laws or regulations or any self-regulatory programs in which E-LOAN participates. 7. E-LOAN discloses changes or updates to its privacy practices. 8. E-LOAN clearly discloses to the site's visitors when they have left the site covered by E-LOAN privacy policy. B. Policies, Goals and Objectives 1. E-LOAN's policies regarding the protection of personal information include, but are not limited to, the following items: o Notice to the customer regarding the information collected; o Choice to the customer regarding the type(s) of information gathered and any options the customer has regarding the collection of this information o The procedures to add new users, modify the access levels of existing users, and remove users who no longer need access; o Employees who are allowed access based upon responsibilities and who authorizes that access; o Access by the customer to his or her private information for update and corrective purposes; -4- Exhibit 10.7 o How complaints about privacy can be addressed; o Procedures to handle security incidents; o Record retention and destruction practices; and o E-LOAN's commitment to use third-party dispute resolution that conforms to the Principles of Arbitration in Appendix C of the AICPA's WebTrust 3.0 On-line Privacy program. 2. E-LOAN's employees responsible for the privacy of personally identifiable information are aware of and follow E-LOAN's published privacy and related security policies. 3. Accountability for E-LOAN's privacy policy and related security policies has been assigned. 4. E-LOAN has allocated training and other resources to support its privacy and related security policies. 5. E-LOAN's privacy and related security policies are consistent with disclosed privacy practices and applicable laws and regulations. C. Procedures and Technology Tools 1. E-LOAN has appropriate security procedures to establish new users. 2. E-LOAN has procedures to identify and authenticate authorized users. 3. E-LOAN has procedures to allow users to, change, update or delete their own user profile. 4. E-LOAN has procedures to limit remote access to the internal network to only authorized personnel. 5. E-LOAN has procedures to prevent customers, groups of individuals, or other entities from accessing other than their own private or sensitive information. 6. E-LOAN has procedures to limit access to personally identifiable information to only authorized employees based upon their assigned roles and responsibilities. 7. E-LOAN utilizes a minimum of 128-bit encryption to protect transmission of user authentication, verification, and sensitive or private information that is passed over the Internet from unintended recipients. -5- Matthew Roberts February 12, 2001 Exhibit 10.7 8. E-LOAN has procedures to maintain system configurations that minimize security exposures potentially affecting private or sensitive information. 9. E-LOAN has procedures to ensure that private information obtained as a result of electronic commerce is only disclosed to parties essential to the transaction unless customers are clearly notified prior to providing such information. If the customer was not clearly notified when he or she submitted the information, customer permission is obtained before such information is released to third parties. 10. E-LOAN has procedures to ensure that private information obtained as a result of electronic commerce is used by employees only in ways associated with E-LOAN's business. 11. E-LOAN has procedures for personally identifiable information collected, created or maintained by it to subject the information to reasonable edit and validation checks as it is collected. 12. E-LOAN has procedures to obtain assurance or representation that the adequacy of information protection and privacy policies of third parties to whom information is transferred, and upon which E-LOAN relies, is in conformity with E-LOAN's disclosed privacy practices. 13. Customer permission is obtained before downloading files to be stored or alter or copy information on a customer's computer. o If the customer has indicated that it does not want cookies, E-LOAN has controls to ensure that cookies are not stored on the customer's computer. o E-LOAN requests customer permission to. store, alter, or copy information (other than cookies) in the customer's computer. 14. In the event that a disclosed privacy policy is changed or deleted to be less restrictive, E-LOAN has procedures to protect personal information in accordance with the privacy policies in place when such information was collected. Clear and conspicuous customer notification and choice are required to allow E-LOAN to follow the new privacy policy with respect to their personal information. D. Monitoring and Performance Measures 1. E-LOAN maintains procedures to monitor the security of its electronic commerce systems. -6- Exhibit 10.7 Matthew Roberts February 12, 2001 2. E-LOAN has procedures in place to keep its disclosed privacy and related security policies current with laws and regulations and to monitor adherence to its current privacy and security policy practices. 3. E-LOAN has procedures in place to test its privacy and security incident policy and update it as needed due to technology changes, changes in the structure of the electronic commerce system(s), or information gained from tests of its plan. 4. E-LOAN has procedures in place to monitor and act upon privacy and security breaches. -7-