Information Security Policy

At Highland Bank, your privacy and security is important to us. All transmissions between your computer and our computer network are encrypted using industry-standard protocols. To access your account information and to transact business using our Online Banking system, you must have both an AccessID and Password. Some business applications may also require the use of a token for additional security.

Access IDs and Passwords

When using our Online Banking tools you will be prompted to enter both your AccessID and Password. For your protection, remember to choose AccessIDs and Passwords that are only known to you. We recommend that you never share them with anyone who claims to represent Highland Bank. Do not use your Social Security Number as your AccessID or Password.

It is good practice to change your password frequently. It is also a good idea to use a combination of letters, numbers and “Special Characters” when you are creating and changing your password.

You can change your password by logging into Online Banking and then selecting “Options” to change your password. If you forget your password, you can reset it online using the “Forgot Password / Pin” link after you’ve entered your AccessID.

You play an important role in protecting your privacy and security. Protect the security of your AccessIDs and Passwords. If you believe someone else may have obtained your AccessID and/or Password please contact us immediately to change your password.

Online Banking Session Termination

For your security, we will terminate your secure Online Banking session after 15 minutes of inactivity. If your session is terminated, you can simply return to the Homepage and log in under the Online Banking section of our website.

Remember to log off after you have completed your banking activities. It is also recommended industry practice to close your browser after you have logged out and you should also periodically clear your browser history to make sure that your information is cleared from your browser’s memory.

We don’t recommend that you use a public computer to transact Online Banking activities.

Safeguarding Consumer Information

Highland Bank maintains internal controls sufficient to protect customer financial information as outlined in our Information Security Policy and procedures.

The Bank’s Information Security Program is designed to:

• Ensure the security and confidentiality of our customers’ information
• Protect against any anticipated threats or hazards to the security or integrity of such information
• Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer
• Ensure the proper disposal of customer information and consumer information

Incident Response Handling Program

Highland Bank maintains a process for internal reporting of suspicious or fraudulent activity, including identity theft. If sensitive personal information is compromised, we will follow the procedures outlined in our Incident Response Handling Program and procedures.

The Bank’s Incident Response Handling Program is designed to:

• Assess the nature and scope of an incident and identify what customer information systems and types of customer information have been accessed or misused
• Notify the FDIC as soon as possible when the Bank becomes aware of an incident involving sensitive customer information
• Notify appropriate law enforcement authorities in addition to filing a timely incident report in situations involving federal criminal violations requiring immediate attention
• Take appropriate steps to contain and control the incident to prevent further unauthorized access or use of customer information
• Notify customers when warranted

If you think that your identity may have been compromised, please follow the recommended steps provided in The Federal Trade Commissions (FTC) website.

Highland Bank Respects the Privacy of All Customers

If you would prefer not to receive consumer-related direct marketing communications from Highland Bank, you need to request that your name be placed on Highland Bank’s Do Not Call List and/or Highland Bank’s Do Not Mail List.

Please allow up to thirty (30) days after you have made your request for your name be removed from any sales/marketing programs currently underway.

How to Be Placed on the Highland Bank Do Not Call and/or Do Not Mail Lists

1. If you receive a call from a Highland Bank salesperson, ask to be placed on the Highland Bank Do Not Call List and provide the salesperson with the following information:
   1. Name
   2. Address
   3. Telephone Number(s) (including area code)

and/or

1. Submit your request for placement on the Do Not Call List and/or Do Not Mail List by calling the Highland Bank Client Services line at 952.858.4888 and speaking to a representative. (Please note: Leaving a message does constitute a formal request to be placed on the Do Not Call/Do Not Mail list.) State that you wish to be placed on the Highland Bank Do Not Call List and/or Do Not Mail List. You will need to provide the representative with the following information:
   1. Name
   2. Address
   3. Telephone Number(s) (including area code)

and/or

1. Submit your request for placement on the Highland Bank Do Not Call List and/or Do Not Mail List in writing. Please include your name, address and telephone number(s) along with a statement indicating that you would like to be placed on the Highland Bank Do Not Call List and/or Do Not Mail List. Send your written request to:

Highland Bank
Attn: Do Not Call/Do Not Mail List
13370 Grove Drive
Maple Grove, MN 55369

We will maintain the telephone number(s), address(es) and name(s) on the Highland Bank Do Not Call List and/or Do Not Mail List for five (5) years.

If a name, telephone number(s) and/or address changes, another request must be submitted to have the new number and/or address added to the Highland Bank Do Not Call List and/or Do Not Mail List.

Any questions regarding Highland Bank’s Do Not Call Policy may be directed to the company address listed in above.