skip navigation

Tuesday, September 23, 2014

[ – ] Text Size [ + ]  |  Print Page

Circular Letters

Circular Letter 5659

March 31 , 2005

To: All Member Banks and Others Concerned in the Third Federal Reserve District

Attention: Chief Executive Officer and Chief Financial Officer

Subject: Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

Summary:

The Board of Governors of the Federal Reserve System and the other federal bank and thrift regulatory agencies have jointly issued Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

 The guidance interprets the agencies’ customer information security standards and states that financial institutions should implement a response program to address security breaches involving customer information. The response program should include procedures to notify customers about incidents of unauthorized access to customer information that could result in substantial harm or inconvenience to the customer.

The guidance provides that, “when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused.” If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible, the guidance provides. However, notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation.

Under the guidance, a financial institution should notify its primary federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers.

The Federal Register notice, published March 29, 2005.

Date: The guidance is effective March 29, 2005.

For Further Information: Donna L. Parker, Supervisory Financial Analyst, Division of Banking Supervision & Regulation, (202) 452-2614; or Joshua H. Kaplan, Attorney, Legal Division, (202) 452-2249, at 20 th and C Streets, NW., Washington, DC 20551.