ADOPTION OF GUIDELINES FOR CUSTOMER INFORMATION SECURITY.


The federal bank and thrift regulatory agencies have sent to the Federal Register joint guidelines for safeguarding confidential customer information. The guidelines implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA) and will be effective on July 1, 2001.

The GLBA requires the agencies to establish standards for financial institutions relating to administrative, technical, and physical safeguards for customer records and information. These safeguards are to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of these records, and protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer.

The guidelines require financial institutions to establish an information security program to (1) identify and assess the risks that may threaten customer information; (2) develop a written plan containing policies and procedures to manage and control these risks; (3) implement and test the plan; and (4) adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security. Each institution may implement a security program appropriate to its size and complexity and the nature and scope of its operations.

The guidelines outline specific security measures that institutions should consider in implementing a security program. A financial institution must adopt those security measures determined to be appropriate.

The guidelines also outline responsibilities of directors of financial institutions in overseeing the protection of customer information. The board of directors should oversee an institution's efforts to develop, implement, and maintain an effective information security program and approve written information security policies and programs.

The guidelines require financial institutions to oversee their service provider arrangements in order to protect the security of customer information maintained or processed by service providers. Each institution must exercise due diligence in selecting its service providers and require its service providers by contract to implement security measures that safeguard customer information. When indicated by an institution's risk assessment, the institution must also monitor its service providers by reviewing audits, summaries of test results, or other equivalent evaluation of its service providers, to confirm that they have satisfied their contractual obligations.
COPYRIGHT 2001 Board of Governors of the Federal Reserve System
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Publication: Federal Reserve Bulletin
Article Type: Brief Article
Geographic Code: 1USA
Date: Mar 1, 2001
Words: 370