My bank is exploring the possibility of putting safe deposit boxes in the lobby similar to a post office box. I outlined the obvious SDB101 hazards including lack of secure storage, lack of dual control, potentially public viewable contents, the potential threat to proper documentation of access and liability. Are you able to quote a law or regulation that outlines and requires such prudent safekeeping practices?
by By Thomas Oscherwitz, Vice President of Government Affairs, Chief Privacy Officer, ID Analytics
What are the rules for security envelopes when mailing items from the bank? Can they just be security envelopes or do they need the FDIC logo as part of the security print? Do we need to print "member FDIC" on promotional items such as pens, pizza cutters and magnets?
I have attended the Security Institute and have a question. Should security know if an employee is going through a foreclosure? In these desperate times people may become capable of desperate measures, but their personal privacy is also important. How do we handle this from a security standpoint?
Can we place a surveillance camera at the entrance or in the area approaching our safe deposit box vault? We don't want to violate any privacy issues.
During 2007 Security Officers Training in Philadelphia, someone spoke about the "Clean Desk Act". Can you tell me where I can find information on this and do any of the regulatory agencies have specific regulations on this?
When would it be necessary to include a speed bump on a bank web site when moving from the bank web page to other pages such as mortgage or investment affiliates?
Do you know where I can find information in regard to any law or regulation that may be in existence that requires you to have signs posted to tell the public that they are under video surveillance? We just did a major upgrade to our security cameras and installed a big screen TV in each of our offices. I was not sure if I am required under any law or regulation that signs need to be posted for the public view.
Our e-newsletter program is brand new to us. If we provide a link to an external site that is not co-branded with our bank, are we required to have a speed bump? If so, what is the bare minimum we need to say? The reason I am asking is that we have a speed bump in place on our web site and it is quite lengthy. In this instance, if I were to add the speed bump, it actually has more content in it than our e-newsletter. I do receive e-newsletters from other banks and they do not have speed bumps. Since this area is new to us, I want to have policies in effect as we go forward.