Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.

GUIDANCE ON IDENTITY THEFT RESPONSE PROGRAMS



TO: CHIEF EXECUTIVE OFFICER
SUBJECT: Federal Bank and Thrift Regulatory Agencies Seek Comment on Interagency Guidance on Identity Theft Response Programs
Summary: The federal bank and thrift regulatory agencies are seeking comment on proposed interagency guidance on financial institutions' response programs for unauthorized access to customer information and customer notice. The guidance describes the agencies' expectations that response programs address the compromise of sensitive customer information, including when to notify affected customers.

The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision are seeking comment on the attached joint proposed guidance on financial institutions' response programs for unauthorized access to customer information and customer notice. Comments on the proposed guidance are due by October 14, 2003.

The proposed guidance interprets the FDIC's customer information security guidelines (12 CFR 364, app. B) and describes the FDIC's expectation that financial institutions should implement a response program to address the possible compromise of sensitive customer information. The response program should include written notice to customers in the event their sensitive customer information is compromised, unless the financial institution - after an appropriate investigation - reasonably concludes that misuse is unlikely to occur and takes appropriate steps to safeguard the interests of affected customers, including monitoring affected customers' accounts for unusual or suspicious activity.

Public comment is sought on all aspects of this proposal, including the potential burden posed by the information collection under the Paperwork Reduction Act of 1995. The submission of thoughtful comments on this important issue will assist the agencies in finalizing the guidance. Information on how to file comments is included in the attached Federal Register notice.

For more information, please contact Jeffrey M. Kopchik, Senior Policy Analyst, at (202) 898-3872, or Robert Patrick, Counsel, at (202) 898-3757.

For your reference, FDIC Financial Institution Letters may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2003/index.html . To learn how to automatically receive FDIC Financial Institution Letters through e-mail, please visit www.fdic.gov/news/news/announcements/index.html .

Michael J. Zamorski
Director

Attachment: August 12, 2003, Federal Register, pages 47954-47960
PDF (64.7 KB File - PDF Help or Hard Copy )

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC’s Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342, option 5, or (703) 562-2200).


Last Updated: August 12, 2003