Bluestem National Bank Customer Privacy Policy

Bluestem National Bank
Customer Privacy Policy
Bluestem Financial Corp. * Bluestem National Bank * Bluestem Financial Services

Adopted 6/22/00; revised 4/24/08

Bluestem Financial Corp. recognizes and respects the importance of personal privacy. We believe personal privacy should not be compromised. At the same time, we expect to offer our customers the array of financial products and services needed to accomplish their financial goals. Both can be accomplished through the privacy policy outlined below.

Our Collection, Use and Retention of Customer Information. We collect, use and retain information about our customers only where we reasonably believe it would be useful in administering our business, and providing products, services and other opportunities to our customers. We collect and retain information only for specific business purposes. We use information to protect and administer our customers’ records, accounts, and funds; to comply with certain laws and regulations; to help design or improve our products and services; and to provide quality products and outstanding service.

Our Maintenance of Accurate Information. We have implemented procedures to help assure that our customers’ financial information is accurate, current and complete in accordance with commercial standards. While some procedures are required by federal or state law, we also have procedures for responding to requests to correct inaccurate information in a timely manner and to update information and remove old information regarding the customer’s relationship with our companies that they believe to be inaccurate.

Limiting Employee Access to Information. We have procedures that limit employee access to personally identifiable information to those employees with a business reason to know such information. The importance of confidentiality and customer privacy is addressed in our employee policy and employees must sign a confidentiality statement. Appropriate disciplinary measures are taken to enforce employee privacy responsibilities.

Protection of Information. We maintain security standards and procedures to help prevent unauthorized access to confidential customer information. We update and test our technology to improve the protection of our customer information and to assure the integrity of our information.

Restrictions on the Disclosure of Account Information. We share information regarding customers among our banking divisions and affiliated companies so that we can provide an array of financial-related products to our customers and can recommend other financial products and services to match their needs. We do not reveal specific information about our customers’ accounts or other personally identifiable data to unaffiliated parties for their independent use, unless (1) our customer has requested it; (2) the information is provided to help complete a transaction initiated by our customer; (3) the information is provided to a reputable credit bureau or similar information reporting agency; or (4) disclosure is lawfully permitted or required.

Maintaining Customer Privacy in Business Relationships with Outside Third Parties. At times it is necessary to provide personally identifiable information about our customers to a third party, such as a vendor or service company that we hire to prepare account statements or to provide support or services for one of our products. These vendors and service companies agree to safeguard our confidential customer information and they must abide by applicable law. We will not sell information about our customers to any other company.

Disclosing Our Privacy Commitment to Our Customers. We want our customers to understand our commitment to privacy issues and our use of confidential customer information. Our customers may obtain a copy of this policy at any company office location, by calling (1-800-690-7836) or by writing to Bluestem Financial Corp., 104 E. Locust St., Fairbury, Illinois 61739.

Review and Updates. With the rapid changes in the personal privacy world, our Privacy Statement will be subject to frequent reviews, updates and revisions. An audit describing the overall status of the Privacy Statement and the bank's compliance with these guidelines will be performed annually. This report will be reviewed annually by the bank's Board of Directors, but may be amended more frequently as deemed necessary by management.

Security Standards. Bluestem National Bank uses CSI for all customer core processing. CSI uses 128-bit key encryption for access to customer information through a Virtual Private Network (VPN) connection and through the Nu Point software product which Bluestem uses. Once authenticated through these systems, the user must supply a valid username and password combination.

Encryption is also used on all circuits established between CSI and Digital Insight Internet Banking service. 128-bit encryption is set as soon as customer logs in to the internet banking home page.

Network Protection. Bluestem National Bank customers are routed through Firewalls. This system protects our customers from Internet-based attacks.

Network Communication Security

Local LAN/WAN
Bluestem National Bank networks use login ID and Password Security. Anti-virus software runs across the LAN/WAN network and a firewall protects against outside intruders. The anti-virus software is updated weekly. Our radios run Breeze.com software and frequency hopping. ESSID with SNMP management software is also running. RC4 algorithm is also part of Breeze Access. This system is updated daily and any exceptions or attacks are emailed to Advanced Communications and Bluestem at once. Advanced Communications is retained on a monthy basis to review the system’s firewalls.

Internet Security
Bluestem National Bank runs a FortiGate firewall system along with FortiAnalyzer Logging device firewall analyzer. This software scans for anti-virus / Worm detection and removal. Also with this system is NAT, PAT bridge routing, 802.1q VLAN support, and a VPN link with the Federal Reserve Fedline system. Web filtering is also running. You may request a detailed description of this system by calling Bluestem National Bank at 815-692-2369 and asking for the FortiGate overviews.

Third Party Security
Third party vendors that handle any customer information are required to keep the same standards of data security as Bluestem National Bank. All vendors have both firewall security and anti-virus systems in operation. Bluestem’s third party Risk Assessment valuation addresses data security issues.

Amendments. We reserve the right to change or update this Privacy Policy, or any other Bluestem policy or practice, at any time with reasonable notice to users of our web site. Any changes or updates will be effective immediately upon posting to the site unless an effective date is provided.