Answer:
Based on your question, I am assuming you have already assessed the incident to determine what customer information may have been compromised. The findings of your assessment will determine what action steps you or your “response team” must take. Financial institutions are encouraged to implement a response program that will address situations where “sensitive” customer information may have been breached.
According to the Interagency Guidance, “sensitive” customer information is defined as a customer’s name, address, or telephone number in conjunction with the customers social security number, drivers license number, account number, credit or debit card number, personal identification number or password that would permit access to a customers account. Sensitive customer information also includes any combination of components of customer’s information that would allow someone to access the customer’s account.
If the compromised data includes “sensitive” information (regardless of the loss amount), you will need to (1) notify your primary Federal regulator as soon as possible to explaining the situation, (2) take steps to prevent additional unauthorized access to customer information, and (3) work closely with your legal counsel, senior management, and regulator to determine if a SAR is required.
First published on BankersOnline.com 10/03/05
print
share