Each depositor insured to at least $250,000 per insured bank



Home > News & Events > Financial Institution Letters




Financial Institution Letters

Safeguarding Examination Information
Updated Procedures Issued for FDIC Examination Staff
FIL-78-2006
August 28, 2006


Summary: The FDIC is enhancing the protection of examination information and other sensitive data, and has issued updated procedures to its examination staff on safeguarding this information.

Highlights:

  • The updated procedures provide additional protection to bank data that may be sensitive as defined by the Gramm-Leach-Bliley Act.
  • The procedures specify minimum standards for the technical, physical and administrative safeguards used to protect examination information.
  • The procedures provide guidance for the implementation of an Information Security Incident Response Program.
  • The procedures are effective immediately.

Continuation of FIL-78-2006

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer
Chief Information Officer
Legal Counsel

Related Topics:
Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice

Attachment:
Regional Director Memorandum – Safeguarding Examination Information - PDF 65k (PDF Help)

Contacts:
Michael L. Jackson, Associate Director, Technology Supervision Branch, (202) 898-6748;
or Jaime Perez, Chief, Applied Technology Section, (202) 898-6653

Printable Format:
FIL-78-2006 - PDF 40k (PDF Help)

Note:
FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2006/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).



Financial Institution Letters
FIL-78-2006
August 28, 2006

SAFEGUARDING EXAMINATION INFORMATION
Updated Procedures Issued for FDIC Examination Staff

The Federal Deposit Insurance Corporation (FDIC) has issued updated procedures to Division of Supervision and Consumer Protection examination staff as a reminder of the importance of safeguarding examination information whether in paper, electronic or other form. The term "examination information" includes all documentation acquired or created in connection with a bank examination, such as Reports of Examination, examination work papers, bank information, and any sensitive bank customer information, as defined in Section 501(b) of the Gramm-Leach-Bliley Act.

The updated procedures:

  • specify minimum standards for safeguarding examination information, including technical, physical and administrative safeguards.
  • provide guidance for the implementation of an Information Security Incident Response Program that outlines procedures that will be followed when loss, theft or unauthorized access of confidential or sensitive examination information is suspected or detected.
  • incorporate recently issued guidance from the Office of Management and Budget requiring that security incidents involving personally identifiable information be reported within one hour after discovery. Personally identifiable information includes any information maintained by an agency that can be used to distinguish or trace an individual's identity, such as a Social Security number, and date and place of birth. (See Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments, M-06-19, at http://www.whitehouse.gov/omb/.)

These procedures are effective immediately.

Sandra L. Thompson
Acting Director
Division of Supervision and Consumer Protection




Last Updated 09/11/2006 communications@fdic.gov