The Department of the Treasury recently published Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

You are probably familiar with the publication of this guidance as described by The Federal Reserve Board at www.federalreserve.gov/boarddocs/press/bcreg/2005/20050323/default.htm

The Text of Common Final Guidance contains Supplement A to Appendix B which is being incorporated into agency regulations. It would be wise for appropriate bank personnel to be familiar with this supplement’s text (found on page 32 of attachment found at www.federalreserve.gov/boarddocs/press/bcreg/2005/20050323/attachment.pdf). The entire document is useful in understanding the overall guidance and thought processes behind the rulings, but the actual guidance text begins on page 32. [more]

The CoNetrix Security Group has reviewed the guidelines and has drafted recommended updates to Information Technology Security Policies. Within the next few weeks, we will contact the banks with which we have worked on such policies. If you have not worked with CoNetrix regarding preparation of security policies and are interested in doing so, please contact us.