Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Compliance

01:11 PM
Connect Directly
RSS
E-Mail
50%
50%

Feds Rule Banks Must Tell Customers Of Security Gaffes

Four federal agencies this week issued rules to U.S. banks that require them to inform customers when their personal data has been made public because of a security breach.

Four federal agencies this week issued rules to U.S. banks that require them to inform customers when their personal data has been made public because of a security breach.

The rules were issued by the FDIC (Federal Deposit Insurance Corporation), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS).

Basing the rule on their interpretation the Graham-Leach-Bliley Act, the agencies told banks that they must implement a response program to warn consumers when information has been accessed without authorization if that "could result in substantial harm or inconvenience to the customer," the new rules, called a "guidance," said.

Additionally, the bank "should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused," continued the new rules. "If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible."

The financial and data collection sectors have been blasted by consumers and Congress alike for a recent spate of high-profile data security failures. In February, backup tapes containing credit card account information on some 1.2 million government workers, including over half of the Senate's members, were lost or stolen from a commercial airline flight. Data collection companies ChoicePoint and LexisNexis have both disclosed security breaches that involved the possible theft of thousands of consumer identities.

The new rules are available in their entirety as a PDF from the OCC Web site.

Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.