FDIC RIN: 3064-AC77
Dear Sir:
Thank you for this opportunity to comment on this proposed rule change.
With the continued onslaught of Identity Theft, safeguarding customer
information has become a high priority to banking.
It would seem that proper disposal of customer information would not
require
lengthy, burdensome regulations, as it is almost a common sense procedure.
However, most of us understand that it is the simple day-to-day functions
that are most often neglected. I am of course referring to our trash.
Having said this I would like to comment on a few of the proposed
regulation
changes.
First, the term "service provider" may
be a bit vague. Does this include
janitorial services, building and office equipment maintenance contracts?
There are many different type of service providers in the banking
environment that come into contact with documents that are being disposed
of
or otherwise in view.
Second, the provision in paragraph II.B., which mandate each financial
institution to contractually require its service providers to develop
appropriate measures for the proper disposal of consumer information
and,
where warranted, to "monitor" its service providers to
confirm that they
have satisfied their contractual obligations, may be impossible to
comply
with. Can the Agencies give some guidance on how to monitor this function
an under what conditions warrant monitoring? Banks that contract with
document disposal services are taking a huge risk of allowing their
customers to become victim to identity theft. Once the document(s)
leave
the bank, there is no control. The argument that the disposal company
is
bonded misses the point. Being bonded does not provide sufficient
safeguards that the documents are not going to be misused. Once an
identify
theft has occurred, the fact that a disposal service is bonded doesn't
mitigate the damage that has been caused to the customer and the reputation
of the bank. How does the bank monitor this?
A one-year period for modification of agreements with service providers
seems appropriate.
The use of the statutory
phrase "proper disposal" would
be sufficiently
clear as long as the phrase is tied to existing guidelines and give
some
direction as to appropriate disposal methods.
Thank You
Richard Wilkinson, Internal Auditor
Bank Consultants Inc.
Carlsbad, NM