OCC 2000 22
Subject:  Standards for Safeguarding Customer Information
Description: Proposed Rule
Date: June 26, 2000

TO:  Chief Executive Officers of All National Banks, Federal
     Branches and Agencies, Department and Division Heads, and
     All Examining Personnel

The attached proposed Guidelines establishing standards for
safeguarding customer information were published in the Federal
Register on June 26, 2000.  Comments are due August 25, 2000.  

The Office of the Comptroller of the Currency (OCC) is requesting
comment on the proposed Guidelines, which were published jointly
with the Board of Governors of the Federal Reserve System, the
Federal Deposit Insurance Corporation, and the Office of Thrift
Supervision.   The Guidelines implement Section 501(b) of the
Gramm Leach Bliley Act and require each bank to establish an
information security program tailored to its size and the nature
and scope of its operations.  To comply with the Guidelines, a
bank must  (1) identify and assess the risks that may threaten
customer information; (2) develop a written plan containing
policies and procedures to manage and control these risks; (3)
implement and test the plan; and (4) adjust the plan on a
continuing basis to account for changes in technology, the
sensitivity of customer information, and internal or external
threats to information security.  For the OCC, the Guidelines
will appear as an appendix to 12 CFR Part 30.       

For further information, contact John Carlson, deputy director
for Bank Technology, (202) 874-5013; Aida Plaza Carter, director
for Bank Information Technology Operations, (202) 874-4740;
Douglas Foster, bank technology analyst, (202) 874-0015; Clifford
Wilke, director for Bank Technology, (202) 874-5920; Jeff
Gillespie, assistant chief counsel, (202) 874-5200; or Deborah
Katz, senior attorney, Legislative and Regulatory Activities
Division, (202) 874-5090.



____________________________________
Julie L. Williams
First Senior Deputy Comptroller and Chief Counsel

Attachment 65 FR 39472