Ads by TechWords

See your link here
Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

New federal rules dictate bank ID theft notifications

The regulations are designed to protect consumers

March 24, 2005 12:00 PM ET

Computerworld - The Federal Reserve Board yesterday issued new rules requiring banks and other financial institutions to notify consumers "as soon as possible" when their personal data has been stolen.
In an announcement, the Federal Reserve and three other government banking agencies, including the Federal Deposit Insurance Corp. (FDIC), unveiled their "guidance" on how banks must treat personal information theft under federal laws enacted in 2003.
The rules come at a time when several companies have acknowledged that consumers' personal and sensitive information has either been stolen or accessed inappropriately.
David Barr, a spokesman for the FDIC in Washington, said the agencies spent the past 18 months reviewing the Fair and Accurate Credit Transactions (FACT) Act. The review included input from government officials as well as from security, banking industry and consumer groups and other entities to create the specific rules.
A key requirement is that consumers must now be notified when personal information has been stolen or illegally accessed and there is reason to believe it will be misused. In such cases, the institution must conduct a "reasonable investigation" to determine if the security breach was significant enough to require notification of affected consumers.
"If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," the rules say. Notice can be delayed, however, if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation.
Specific timelines on how quickly such notice should be given hasn't been established.
A financial institution is also expected to notify its primary federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers.
According to the rules, sensitive customer information includes a customer's name, address or telephone number, in conjunction with the customer's Social Security number, driver's license number, account number, credit or debit card number, or a personal identification number or password that would permit access to the customer's account. The rules also state that such data breaches would include the release of any combination of sensitive data that would allow someone to log into or access a customer's account, such as a username and password or a password and account number.
"The customer notification [provision] is brand new," Barr said. "Banks were not required to do that before, though many had. Now, there's an official mandate that they must."
The new rules took time to develop, Barr said, because they were issued by four agencies working



Jump to comments

Legislation/Regulation

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.


IT Jobs