A Customer-Friendly Email Policy
by Mary Beth Guard
Question: We are finalizing our internet site for roll out to the public and have had the compliance company we use and our primary regulator review our site in the past few weeks. They have suggested that we include some language on our email (Contact Us) page that instructs our customers not to send confidential information in the email messages. They suggested they write or call the bank instead.
We agree we need some language to alert our customers to the potential problems of sending confidential information, but at the same time, we do not want to scare anyone. Could you share some appropriate language for this sort of situation?
Answer: What you may want to do, in light of your desire not to scare anyone, is make it clear that it is Internet email in general, and not your system in particular, that has the vulnerability.
On its TCB (The Checkers Bank) bank Web site simulation page, the Federal Reserve uses the following language for the bank:
"Notice: Information sent by Email is at risk of loss of confidentiality if the information is transmitted over the internet. We do not recommend sending confidential information such as account numbers or social security numbers by Email. You can contact The Checkers Bank directly at (123) 456-7890."
You could instead say something like:
"Notice: Because there is a small risk that information transmitted via Internet email could fall into the wrong hands, we suggest that confidential information, such as account numbers or social security numbers, not be transmitted via email. Instead, please contact our bank directly at _________________."
I think most customers are sophisticated enough to understand that a minor error in addressing an email, or an ambitious hacker, could destroy the confidentiality of emailed information.
Originally appeared in the Oklahoma Bankers Association Compliance Informer.
First published on BankersOnline.com 9/10/01
First published on 09/10/2001