BANKING AGENCIES ISSUE GUIDE ON INFORMATION SECURITY

The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency and Office of Thrift Supervision issued a compliance guide for the Interagency Guidelines Establishing Information Security Standards(Security Guidelines) issued by the agencies in March 2005. See 70 F.R. 15736 (Mar. 29, 2005). The compliance guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. In addition, the compliance guide provides explanations of the terms used in the Security Guidelines and information to help financial institutions assess risks, design and implement an information security program, property dispose of customer and consumer information, respond to incidents of unauthorized access to customer information and oversee service providers that have access to customer information. For example, the compliance guide provides that to determine the sensitivity of customer information an institution could develop a framework that analyzes the relative value of this information to its customers based on whether improper access to or loss of the information would result in harm or inconvenience to them. The compliance guide is available on the websites of the federal banking agencies.

Elizabeth Anstaett