New Rule Requires Banks To Disclose IT Security Breaches

Apr 1, 2005 12:00 PM

Four federal agencies have issued rules requiring U.S. banks to inform customers when their personal data has been made public because of an information security breach.

The rules, issued by the FDIC (Federal Deposit Insurance Corporation), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS), is based on the Gramm-Leach-Bliley (GLB) Act.

The agencies told banks to implement a response program to warn consumers when information has been accessed without authorization if that “could result in substantial harm or inconvenience to the customer.”

Additionally, the bank “should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If the institution determines that misuse of its information about a customer has occurred or is reasonably possible,” it should notify the customer.

The GLB Act, finalized in 1999, requires financial institutions to adopt strict privacy measures relating to their customers' information. The GLB Act requires all financial institutions to protect against unauthorized access to customer records that could result in harm or inconvenience to any customer. It also requires them to establish an information security program to assess and control risks to clients.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue