INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.
Financial Institution Letter

Safeguarding Examination Information: Updated Procedures Issued for FDIC Examination Staff

Summary: The FDIC is enhancing the protection of examination information and other sensitive data, and has issued updated procedures to its examination staff on safeguarding this information.

Highlights:

  • The updated procedures provide additional protection to bank data that may be sensitive as defined by the Gramm-Leach-Bliley Act.
  • The procedures specify minimum standards for the technical, physical and administrative safeguards used to protect examination information.
  • The procedures provide guidance for the implementation of an Information Security Incident Response Program.
  • The procedures are effective immediately.


Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer
Chief Information Officer
Legal Counsel

Note:

FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2006/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).



Financial Institution Letters
FIL-78-2006
August 28, 2006

SAFEGUARDING EXAMINATION INFORMATION
Updated Procedures Issued for FDIC Examination Staff

The Federal Deposit Insurance Corporation (FDIC) has issued updated procedures to Division of Supervision and Consumer Protection examination staff as a reminder of the importance of safeguarding examination information whether in paper, electronic or other form. The term "examination information" includes all documentation acquired or created in connection with a bank examination, such as Reports of Examination, examination work papers, bank information, and any sensitive bank customer information, as defined in Section 501(b) of the Gramm-Leach-Bliley Act.

The updated procedures:

  • specify minimum standards for safeguarding examination information, including technical, physical and administrative safeguards.
  • provide guidance for the implementation of an Information Security Incident Response Program that outlines procedures that will be followed when loss, theft or unauthorized access of confidential or sensitive examination information is suspected or detected.
  • incorporate recently issued guidance from the Office of Management and Budget requiring that security incidents involving personally identifiable information be reported within one hour after discovery. Personally identifiable information includes any information maintained by an agency that can be used to distinguish or trace an individual's identity, such as a Social Security number, and date and place of birth. (See Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments, M-06-19, at http://www.whitehouse.gov/omb/.)

These procedures are effective immediately.

Sandra L. Thompson
Acting Director
Division of Supervision and Consumer Protection




Additional Related Topics:

  • Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice

Last Updated: August 28, 2006