Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

WISCONSIN BANKERS ASSOCIATION

July 23, 2004

Jennifer J. Johnson, Secretary
Board of Governors of the Federal
Reserve System
20th Street and Constitution Avenue, NW
Washington, DC 20551
Attention: Docket No. R-1199

Office of the Comptroller of the Currency
250 E Street, SW
Public Reference Room
Mail Stop 1-5
Washington, DC 20219
Attention: Docket No. 04-13

Robert E. Feldman
Executive Secretary
Federal Deposit Insurance Corporation
550 17th Street, NW
Washington, DC 20429
Attention: RIN No. 3064-AC77

Regulation Comments
Chief Counsel's Office
Office of Thrift Supervision
1700 G Street, NW
Washington, DC 20552
Attention: Docket No. 2004-26

Re: Docket No. R-1199; Docket No. 04-13; RIN # 3064-AC77; No. 2004-26

Dear Sir or Madam:

The Wisconsin Bankers Association (WBA) is the largest financial institution trade association in Wisconsin, representing over 300 state and nationally chartered banks, savings and loans associations, and savings banks located in communities throughout the State.

The WBA appreciates the opportunity to comment on the proposed rule issued by the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), and the Office of Thrift Supervision (OTS) (hereinafter, the Agencies), concerning the implementation of section 216 of the Fair and Accurate Credit Transaction Act of 2003 (FACT Act), which amends the Fair Credit Reporting Act (FCRA) by creating a new section 628. The proposed rule would require financial institutions to develop, implement, and maintain appropriate measures to properly dispose of "consumer information." The FACT Act mandates that the Agencies' regulations be consistent with the Gramm-Leach-Bliley Act (GLB Act), as well as other federal laws.

The WBA recognizes the importance of creating and implementing reasonable measures to protect consumers in general, as well as customers, from the unauthorized access and use of personal private financial information. Therefore, to this end, the WBA supports the proposed amendments to the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Guidelines). The WBA, nevertheless, would like to direct the Agencies' attention to the following issues created by the Guidelines as currently written.

The Definition Of "Consumer Information" Is Exceedingly Broad And The Agencies Should Further Clarify The Interpretation Of The Statutory Phrase "Derived From Consumer Reports."

First, the proposed language defines "consumer information" as "any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report and that is maintained or otherwise possessed by or on behalf of the bank for a business purpose." The definition also encompasses a compilation of such records. The WBA believes that the use of the word "any," without more, and in conjunction with the statutory phrases "derived from a consumer report" and "compilation of such records" is exceedingly broad. Thus, literally any record a financial institution has which is derived from a compilation of consumer report data, but which contains no nonpublic personally identifiable information would end up being disposed of pursuant to guidelines intended to protect the security, confidentiality, and integrity of sensitive nonpublic information. Mandating that "consumer information" must have personally identifiable information would eliminate ambiguities associated with the phrase "any record about an individual."

Second, the WBA believes that the current attempt to distinguish between "customer" and "consumer" information does not espouse the interests of consistency and clarity. The WBA appreciates the Agencies' attempt to explain the difference between these two terms; however, the Agencies noted that the definitions "will sometimes overlap, but will not always coincide." Operationally this has the potential to become confusing and problematic for the employees of the affected institutions, as they are the individuals that ultimately put theory into practice.

The WBA believes consistency and clarity require that the same definition be used for both, "customer" and "consumer," the common element between these two being the sensitive issue of nonpublic personally identifiable information. In defining "customer information", part I, section C.2.c. of the current Interagency Guidelines Establishing Standards for Safeguarding Customer Information relies on Regulation P, 12 CFR 216.3(n), to define "nonpublic personal information." The definition, incorporated herein as Appendix A*, centers around "personally identifiable information." The definition for "consumer information" should also have this very important phrase. Using this phrase in the definition would promote clarity and consistency, and would build upon the practical and legal knowledge institutions have already acquired with respect to "personally identifiable information."

Third, the actual language of the proposed rule does not define "derived from a consumer report." The supplementary information, however, does provide a very useful description of the scope and meaning of the statutory phrase. The WBA believes the Agencies were heading in the right direction in anticipating this issue and in specifically requesting comments about this statutory phrase. The Agencies should incorporate examples or substantive language suitable for the Guidelines' current format. The WBA believes that the use of Regulation P's "nonpublic personal information" in the definition of "consumer information" would bring into sharper focus the scope of the statutory phrase in question.

The Proposed Rule's Current Language May Impose More Requirements In Wisconsin Than Under Current State Law

Absent explicit language about personally identifiable information, the WBA believes that the proposed rule would impose stricter requirements than the current requirements of Wisconsin law. Our State law is very specific, whereas the language of the proposed rule is more general in substance. Section 895.505 of the Wisconsin Statutes, in relevant part, incorporated herein as Appendix B*, enumerates four different procedures financial institutions must follow in order to dispose of records containing personal information. These requirements more or less follow the requirements of the Guidelines. The only point of contention results from our statute defining "personal information" and the proposed rule not limiting the scope of the information to records containing sensitive information. As the WBA pointed out above, the scope of the proposed rule, as drafted, would reach records that do not contain sensitive format. Since the proposed rule, without modification, will likely impose unnecessary additional obligations not required under Wisconsin law, the WBA urges the Agencies to amend the definition of "consumer information" to include personally identifiable information. If that were done, the definition of "consumer information" would be consistent with the definition of "customer information" and Wisconsin State law.

The Proposed Rule Should State That "Dispose" Or "Disposal" Excludes The Sale Or Transfer Of Records For Value.

Current Wisconsin law, Wis. Stat. § 895.505, defines "dispose" as "not includ[ing] a sale of record or the transfer of a record for value." The Federal Trade Commission's (FTC) version of the proposed rules addresses this point by defining "dispose" and "disposal." The FTC was urged to clarify that "dispose" or "disposal" does not include the sale, donation, or transfer for value of consumer information. Absent that clarification, current information sharing arrangements would be disrupted.

The Agencies' version does not address this point. The WBA, therefore, encourages the Agencies to define the word "dispose" and "disposal" to exclude the sale or transfer for value of records or media containing personally identifiable information. The current version of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information does not explicitly define this term. Without clarification, it would be possible to argue that "disposal" or "dispose" includes the sale, donation, or transfer of consumer information pursuant to sharing arrangements. The WBA is concerned that such an interpretation may disrupt current information sharing arrangements.

Finally, interagency coordination should result in assuring that any financial institution subject to examination under the Guidelines by one of the Agencies is not mandated to comply with the obligations under the FTC's disposal rule even if there is joint jurisdiction.

Conclusion

The WBA directs the Agencies' attention to a number of issues. First, the proposed "consumer information" definition, without referring to personally identifiable information, is exceedingly broad. Second, the Agencies' attempt to distinguish between "consumer" and "customer" information is confusing and problematic. The definition of "consumer information," just as in the definition of "customer information," should refer to personally identifiable information. These changes, if made by the Agencies, would facilitate the operations of Wisconsin financial institutions because the Guidelines would be consistent with our State law. Third, the Guidelines should include language or examples that elaborate on the "derived from consumer report" statutory phrase. The use of personally identifiable information in the language or examples would bring the scope of the phrase into sharper focus. Finally, the Agencies should define the word "disposal" to exclude the transfer for value or sale of records or media containing such records. The WBA appreciates the opportunity to comment on the proposed rule issued by the Agencies and generally supports the proposed amendments to the Guidelines, subject to the noted changes.

Sincerely

Kurt R. Bauer
Executive Vice President/CEO
Wisconsin Bankers Association
4721 South Biltmore Lane
Madison, WI 53718


* Attachments not posted here.  For copies of the Attachments contact the FDIC Public Information Center at http://www.fdic.gov/news/publications/PIChardcopies.html

Last Updated 07/30/2004 regs@fdic.gov

Skip Footer back to content