Banking Regulators Issue Data Breach Rules

Share this content:
Four federal agencies responsible for regulating financial institutions issued new rules last week regarding breaches of personal information.


The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Office of Thrift Supervision jointly announced the rules March 23. They also released a 66-page guidance document, "Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice."


Effective immediately, the rules mandate that financial institutions implement a response program to address security breaches of personally identifiable customer information, including notification of consumers when substantial harm or inconvenience is likely.


After assessing the situation, "If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," according to the guidance.


Regardless of whether consumer notification is warranted, institutions must notify their primary federal regulator of all security breaches involving sensitive customer information under the rules. However, notification may be delayed for law enforcement purposes.


Though the rules do not apply to ChoicePoint, LexisNexis or other data companies that have suffered breaches recently, they do apply to Bank of America. The financial institution made news in late February when it said that some of its computer data tapes containing personal and account information for 1.2 million federal government charge card program customers were lost during shipment to a backup data center.


Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters


Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here