Banks ordered to tell customers about breaches By Robert Lemos http://news.com.com/Banks+ordered+to+tell+customers+about+breaches/2100-7348 _3-5635399.html
Story last modified Thu Mar 24 17:46:00 PST 2005 Four federal finance agencies have issued rules that force banks to tell customers when their personal data has been exposed. The regulations, published on Wednesday, arise from the agencies' interpretation of several provisions of the Gramm-Leach-Bliley Act. Those GBLA provisions call on financial institutions to prevent unauthorized access and use of customer information and to address any such incidents that do occur. "We do expect our institutions to follow this guidance," said David Barr, spokesman for the Federal Deposit Insurance Corporation, or FDIC, one of the agencies involved. "Whenever we examine institutions, we will look at...whether they have these consumer safety measures in place." The finance industry and the data-collection industry are reeling from the fallout from several recent high-profile data leaks. In late February, financial services giant Bank of America alerted government workers that backup tapes containing their sensitive data had gone missing. In addition, data brokers LexisNexis and ChoicePoint have revealed large-scale data leaks. The latest government rules say that if a bank becomes aware of "an incident of unauthorized access to sensitive customer information," the institution should investigate. They also require the company to notify account holders quickly if it's "reasonably possible" that the personal details will be misused. The regulations apply to banks and savings and loan institutions, and not to credit unions, which fall under a different agency, the National Credit Union Administration. The regulations only cover nonpublic consumer information, not details on businesses or commercial accounts. The rules were established after a period of public comment and partly resemble California's Security Breach Information Act, which requires all companies to notify consumers when sensitive personal information may have been compromised. Other finance industry agencies issuing the regulations are the Office of the Comptroller of Currency and the Office of Thrift Supervision, both part of the Treasury Department. The Board of Governors of the Federal Reserve System also authored the new guidelines. Copyright �1995-2005 CNET Networks, Inc. All rights reserved. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
