Dairyman's State Bank
From: Nancy Carli
Sent: Thursday, August 05, 2004 9:28 AM
To: regs.comments@federalreserve.gov; Comments; regs.comments@occ.treas.gov;
regs.comments@ots.treas.gov
Subject: EGRPRA-Privacy of Consumer Financial Information/Safeguarding Customer Information
I believe both of the subjects listed are included in Information Security,
which has become an extremely cumbersome area. We are a
small bank, under $100 million. We do not share customer information.
Period. But with regulators wanting us to document how we don’t
give out customer information, perform annual (or more frequent)
risk assessments showing how we don’t give out customer information,
testing our procedures to prove we don’t give out customer
information, developing written policies stating that we don’t
give out customer information, and repeatedly training our already
well seasoned staff not to give out customer information is getting
burdensome, time consuming, and redundant.
I believe that, since we do not share information in any way that
a customer could opt out of, we should be able to give the customer
a notice when we open an account telling them our privacy policy
and not have to continually send annual notices. I believe those
are a waste of time and money; most customers just toss them in
the garbage without even reading them, since they get so many from
their other institutions.
I believe we should have a privacy program, an information security
program, OR a risk assessment; not all three. Information security
and risk are already covered by a number of other bank policies
like its Information Technology Policy, Security Policy, Disaster
Recovery, etc. However, examiners are insisting that we reiterate
the bank’s practices in yet another policy/program. Our employees
are informed that they must adhere to bank policies or they could
be penalized or fired. I feel that additional testing is not worth
the time.
I know these measures have come about to attempt to address identity
theft, but I don’t think this will prevent it from happening.
I can test all of my employees today, and they will do their jobs
correctly and protect the customer’s privacy, then tomorrow
they could get a call and let slip some information. We may never
give out a customer’s information, but when the customer
does, and they become victims of identity theft, it somehow becomes
our fault.
Each of my staff attends several training seminars outside of the
bank each year. Each of these seminars, regardless of topic, addresses
customer information privacy. I discuss with each of my departments
the need for customer privacy during the year. I feel that the
requirement of annual training besides all this other information
is too much.
Nancy Carli
Compliance Officer
Dairyman's State Bank
135 S. Main St.
Clintonville, WI 54929