You stated that you 'audited' customer information - if you are the auditor, or a compliance officer, and you were performing your duties to ensure that the bank is in compliance with its Information Security Policy, its Privacy Act Policy, etc - then you are doing your job - it would be offputting to me, as it likely is to you, that management is not supporting an endeavor to educate staff and protect both the bank and it's customers from identity theft.
Sounds like training is necessary all the way to the top levels.
Understanding your job responsibilities would help in commenting - feel free to add to the post here, or PM me for information about working with the Audit Committee, etc.
_________________________
My comments are absolutely no reflection of, nor influenced by, my employer - take them at your own risk.