The Federal bank and thrift regulatory agencies today
requested public comment on proposed guidance that would require financial
institutions to develop programs to respond to incidents of unauthorized access
to customer information, including procedures for notifying customers under
certain circumstances.
The proposed guidance interprets the interagency customer
information security guidelines, issued in February 2001, that require
financial institutions to implement information security programs designed to
protect their customers information.
The proposed interpretation describes the components of a response
program and sets a standard for providing notice to customers affected by
unauthorized access to or use of customer information that could result in
substantial harm or inconvenience to those customers, thereby reducing the risk
of losses due to fraud or identity theft.
The proposed guidance states that an institution should
notify affected customers when it becomes aware of unauthorized access to
sensitive customer information unless the institution, after an appropriate
investigation, reasonably concludes that misuse is unlikely to occur and takes
appropriate steps to safeguard the interests of affected customers, including
monitoring affected customers accounts for unusual or suspicious activity.
The Board of Governors of the Federal Reserve System, the
Federal Deposit Insurance Corporation, the Office of the Comptroller of the
Currency, and the Office of Thrift Supervision are requesting public comment on
all aspects of this proposal, including whether the agencies have identified
the appropriate standard for financial institutions to provide notice to their
customers.
Comment on the proposed guidance is requested by October 14,
2003. Specific information on how to
file a comment is contained in the Federal Register notice.
# # #
Attachment
Media Contacts:
Federal Reserve Andrew Williams (202) 452-2955
FDIC Phil
Battey (202)
898-6993
OCC Bob
Garsson (202) 874-5770
OTS Chris
Smith (202)
906-6677