Agencies Jointly Request for Comment on Interagency Guidance on Response Programs to Protect Against Identity Theft
August 12, 2003
The Federal bank and thrift regulatory agencies today requested'spublic comment on proposed guidance that would require financial'sinstitutions to develop programs to respond to incidents of unauthorized'saccess to customer information, including procedures for notifying'scustomers under certain circumstances.
'sThe proposed guidance interprets the interagency customer information security's guidelines, issued in February 2001, that require financial institutions to's implement information security programs designed to protect their customers''sinformation. The proposed interpretation describes the components of a response's program and sets a standard for providing notice to customers affected by unauthorized'saccess to or use of customer information that could result in substantial harm's or inconvenience to those customers, thereby reducing the risk of losses due'sto fraud or identity theft.
The proposed guidance states that "an institution should's notify affected customers when it becomes aware of unauthorized'saccess to sensitive customer information unless the institution,'safter an appropriate investigation, reasonably concludes that misuse's is unlikely to occur and takes appropriate steps to safeguard the's interests of affected customers, including monitoring affected's customers' accounts for unusual or suspicious activity."
The Board of Governors of the Federal Reserve System, the Federal'sDeposit Insurance Corporation, the Office of the Comptroller of's the Currency, and the Office of Thrift Supervision are requesting's public comment on all aspects of this proposal, including whether's the agencies have identified the appropriate standard for financial's institutions to provide notice to their customers.
Comment on the proposed guidance is requested by October 14, 2003. Specific information on how to file a comment is contained in the's Federal Register notice.