Federal Bank and Thrift Regulatory Agencies Publish Guide to Help Financial Institutions Comply with Information Security Guidelines

Posted by Peter Mucklestone and Stuart Louie

The federal bank and thrift regulatory agencies recently announced the publication of a compliance guide for the Interagency Guidelines Establishing Information Security Standards (the “Security Guidelines”). The Security Guidelines (i) implement section 501(b) of the Gramm-Leach-Bliley Act (GLB Act) and section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) and (ii) establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of customer information. The Small-Entity Compliance Guide (the “Compliance Guide”) is intended to help financial institutions comply with the Security Guidelines by summarizing the obligations of financial institutions to protect customer information and by illustrating how certain provisions of the Security Guidelines apply to specific situations.

The Compliance Guide, among other things, provides detailed explanations of the core terms used in the Security Guidelines as well as information to help financial institutions assess risks, design and implement an information security program, properly dispose of customer and consumer information, respond to incidents of unauthorized access to customer information, and oversee service providers that have access to customer information. The Compliance Guide also lists resources that may be helpful in assessing risks and designing and implementing information security programs.

Commentators note, however, that the Compliance Guide is not a substitute for the Security Guidelines as it does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.

To review the Compliance Guide or to read more, see here.
