Guidance on response programs for security breaches.

The federal banking and thrift institution regulatory agencies jointly issued on March 23, 2005, Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. The guidance interprets the agencies' customer information security standards and states that financial institutions should implement a response program to address security breaches involving customer information. The response program should include procedures to notify customers about incidents of unauthorized access to customer information that could result in substantial harm or inconvenience to the customer. The guidance provides that "when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused." "If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," the guidance states. However, notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation.

Under the guidance, a financial institution should notify its primary federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers. The guidance was issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.