Skip the navigation

New federal rules dictate bank ID theft notifications

The regulations are designed to protect consumers

By Todd R. Weiss
March 24, 2005 12:00 PM ET

Computerworld - The Federal Reserve Board yesterday issued new rules requiring banks and other financial institutions to notify consumers "as soon as possible" when their personal data has been stolen.
In an announcement, the Federal Reserve and three other government banking agencies, including the Federal Deposit Insurance Corp. (FDIC), unveiled their "guidance" on how banks must treat personal information theft under federal laws enacted in 2003.
The rules come at a time when several companies have acknowledged that consumers' personal and sensitive information has either been stolen or accessed inappropriately.
David Barr, a spokesman for the FDIC in Washington, said the agencies spent the past 18 months reviewing the Fair and Accurate Credit Transactions (FACT) Act. The review included input from government officials as well as from security, banking industry and consumer groups and other entities to create the specific rules.
A key requirement is that consumers must now be notified when personal information has been stolen or illegally accessed and there is reason to believe it will be misused. In such cases, the institution must conduct a "reasonable investigation" to determine if the security breach was significant enough to require notification of affected consumers.
"If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," the rules say. Notice can be delayed, however, if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation.
Specific timelines on how quickly such notice should be given hasn't been established.
A financial institution is also expected to notify its primary federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers.
According to the rules, sensitive customer information includes a customer's name, address or telephone number, in conjunction with the customer's Social Security number, driver's license number, account number, credit or debit card number, or a personal identification number or password that would permit access to the customer's account. The rules also state that such data breaches would include the release of any combination of sensitive data that would allow someone to log into or access a customer's account, such as a username and password or a password and account number.
"The customer notification [provision] is brand new," Barr said. "Banks were not required to do that before, though many had. Now, there's an official mandate that they must."
The new rules took time to develop, Barr said, because they were issued by four agencies working



What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
Additional Resources
Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Gov't Legislation/Regulation White Papers
Activities Streams Base An Integrated Social Layer
The enterprise social software market is exploding thanks to converging trends of consumerization, cloud, and mobile. In this must-read report, "The Forrester Wave:...
Finding the right cloud solutions for your organization
HP is driving the evolution of what we call the Instant-On Enterprise. It is an enterprise that embeds technology into everything it does...
Converged Infrastructure for Dummies
As you know, everything is mobile, connected, interactive, and immediate. This is exactly why organizations need a highly agile IT infrastructure in order...
Measuring the Business Value of CI in the Data Center
One of the key strategies that IT teams are pursuing to reduce capital costs while boosting asset utilization and employee productivity is the...
Seven Priorities for Integrated Network Management - How HP Intelligent Management Center Delivers an Enterprise-class Solution
This white paper describes the major requirements for network management solutions to help the organizations become more profitable, efficient and reliable.

Intel and the...
All Gov't Legislation/Regulation White Papers
Gov't Legislation/Regulation Webcasts
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,...
Leverage automation today to reduce IT complexity
Date: Tuesday, June 5, 2012, 2:00 PM EDT

Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific...
Redefine Expectations in the Data Center
Need to do more with less? Watch this video to learn how HP ProLiant Gen8 servers can help your business deploy servers three...
BMC Control-M - Single Point of Control Demo
With BMC Control-M, you schedule and manage everything - down to the very last platform and application - from one simple interface. It's...
Operational Analytics - Changing the Competitive Dynamics of the Business
Date/Time: June 5, 2012, 11:00 a.m., EDT, 4:00 p.m. BST / 3:00 p.m. UTC

Please join us for this webcast, as Dr. Barry...
All Gov't Legislation/Regulation Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs