October 1, 2003
Mr. Robert Feldman
Executive Secretary
Federal Deposit Insurance Corporation
Attention: Comments/OES
550 17th Street NW
Washington, D.C. 20429-0002
Dear Mr. Feldman:
I am writing in strong support of your proposed regulations to require
that financial institutions promptly notify customers when sensitive
personal information held by such firms has been compromised. This proposal
mirrors the intent of legislation I have introduced in the 107th and 108th
sessions of Congress, the Identity Theft Consumer Notification Act. I
believe that this requirement is essential to aiding consumers who become
vulnerable to identity theft.
In May 2002, I was made aware of a situation in which an employee of a
bank in my home state of Wisconsin stole the personal information of
hundreds of customers and sold this data to a ring of identity thieves.
However, as there was no legislative or regulatory requirement that these
customers be promptly notified of this breach of privacy, affected
individuals were not told that their information had been compromised until
eight months after the bank employee stole their personal information. By
that time, many had become victims of identity theft, an outcome that easily
could have been avoided had their bank quickly notified them that a crime
had taken place and what steps could be taken to mitigate any damage.
In response, I introduced the Identity Theft Consumer Notification Act, a
bill whose main provision would require prompt notification of financial
institution customers if their information was compromised due to the
actions of an employee or computer hacking attack. In addition, my
legislation would require financial institutions to provide assistance to
remedy the situation and reimburse the victim for any losses that were
incurred.
The proposed Guidance published in the August 12, 2003, Federal Register
is a step in the right direction. The incidence of identity theft continues
to increase, and annually causes billions in damages to individuals and
businesses. Timely notification of the breach of sensitive information will
enable affected individuals to take action to prevent identity thieves from
misusing the victim's personal information. As a result, it could save
untold numbers of Americans from the expensive and arduous task of repairing
damage done to their credit and financial record.
While I continue to believe that the response program in this proposed
Guidance should be codified by an act of Congress, I am pleased that the
Office of the Comptroller of the Currency, the Board of Governors of the
Federal Reserve System, the Federal Deposit Insurance Corporation, and
Office of Thrift Supervision have taken action to better safeguard Americans
from the crime of identity theft. It is my hope that the concerned
regulatory agencies will quickly implement this proposal in final
regulations.
Sincerely,
Jerry Kleczka
Member of Congress
4th District, Wisconsin
|