Banking Regulators Issue Data Breach Rules

Share this article:
Four federal agencies responsible for regulating financial institutions issued new rules last week regarding breaches of personal information.


The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Office of Thrift Supervision jointly announced the rules March 23. They also released a 66-page guidance document, "Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice."


Effective immediately, the rules mandate that financial institutions implement a response program to address security breaches of personally identifiable customer information, including notification of consumers when substantial harm or inconvenience is likely.


After assessing the situation, "If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," according to the guidance.


Regardless of whether consumer notification is warranted, institutions must notify their primary federal regulator of all security breaches involving sensitive customer information under the rules. However, notification may be delayed for law enforcement purposes.


Though the rules do not apply to ChoicePoint, LexisNexis or other data companies that have suffered breaches recently, they do apply to Bank of America. The financial institution made news in late February when it said that some of its computer data tapes containing personal and account information for 1.2 million federal government charge card program customers were lost during shipment to a backup data center.


Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters


Share this article:
close

Next Article in Database Marketing

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

Featured Listings

More in Database Marketing

What's H-appending? DiscoverOrg Taps Marketo's Webhooks

What's H-appending? DiscoverOrg Taps Marketo's Webhooks

Cloud-based marketing automation behemoth Marketo joins forces with marketing intelligence company DiscoverOrg to improve its data collection capabilities.

A Toast to Marketing Attribution

A Toast to Marketing Attribution

Vino accessories and storage company Wine Enthusiast indentifies top and underperforming affiliates using algorithmic marketing attribution.

Q&A: When (and How) to Bust Down the Data Door

Q&A: When (and How) to Bust Down the ...

Some people run into issues with trying to build the perfect solution when often an 80% solution will do, says MailChimp's chief data scientist.