FDIC Proposes Guidelines Telling Banks to Notify Customers of Breaches

SANS Newsbites informed me of a Washington Post article on the Federal Deposit Insurance Corporation's plans for new banking guidelines. From the story:

"Under the proposal, banks and other financial institutions would alert customers by mail, telephone or e-mail, when they find unauthorized access to personal data that could result in substantial harm or inconvenience. Banks also would be told to flag any accounts that may have been compromised and monitor them for unusual or suspicious activity."

This marks a significant break from standard practice. In the past, banks had latitude to keep things quiet, at the discretion of the board and legal counsel. Of course, the details of the guidelines must dictate what constitutes "unauthorized access" and "personal data" and "substantial harm or inconvenience." Stay tuned.

