To All Depository Institutions and Others
Concerned in the Second Federal Reserve District:
In a press release, the federal bank and thrift regulatory agencies announced interagency final rules to require financial institutions to adopt measures for properly disposing of consumer information derived from credit reports.
Current law requires financial institutions to protect customer information by implementing information security programs. The final rules require institutions to make modest adjustments to their information security programs to include measures for the proper disposal of consumer information. They also add a new definition of "consumer information."
Final rules implement section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) and include this new statutory requirement in the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (retitled the Interagency Guidelines Establishing Standards for Information Security), which were adopted in 2001.
The final rules will take effect on July 1, 2005.
Legal and Compliance Risk Department
William L. Rutledge
Executive Vice President