Agencies Propose Rules on Disposal of Consumer Information
June 8, 2004
The federal bank and thrift regulatory agencies today invited public comment on an interagency proposal to require financial institutions to adopt measures for properly disposing of consumer information derived from credit reports.
Current law requires financial institutions to protect customer information by implementing information security programs. The proposed rules would require institutions to make adjustments to their information security programs to properly dispose of the types of consumer information that are not already protected. This would include information from credit reports about a financial institution's employee or about an individual whose application for a product or service is denied.
The agencies’ proposal implements section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). While not imposing significant additional burden, the proposed rules would make amendments to include this new statutory requirement in the Interagency Guidelines Establishing Standards for Safeguarding Customer Information, which were adopted in 2001. The agencies' proposed rules add a new definition of "consumer information" and a provision to require financial institutions to implement appropriate measures to properly dispose of consumer information.
The proposal would take effect three months after a final rule is adopted.
Comments on the proposed guidance are requested within 45 days of its publication in the Federal Register, which is expected shortly. The Federal Register notice is attached.