To All Depository Institutions and Others Concerned in the Second Federal Reserve District:
In a press release, the federal bank and thrift agencies requested public comment on proposed guidance that would require financial institutions to develop programs to respond to incidents of unauthorized access to customer information, including procedures for notifying customers under certain circumstances.
The proposed guidance interprets the interagency customer information security guidelines, issued in February 2001, that require financial institutions to implement information security programs designed to protect their customers' information. The proposed interpretation describes the components of a response program and sets a standard for providing notice to customers affected by unauthorized access to or use of customer information. This would result in reducing the risk of losses due to fraud or identity theft.
The Federal Reserve Board, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision are requesting public comment on all aspects of this proposal, including whether the agencies have identified the appropriate standard for financial institutions to provide notice to their customers.
Comment on the proposed guidance is requested by October 14, 2003. Specific information on how to file a comment is contained in the Federal Register notice.
Questions on this matter may be directed at this Bank to Barbara Yelcich, Examining Officer, Risk Management Function.