The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision are seeking comment on the attached joint proposed guidance on financial institutions' response programs for unauthorized access to customer information and customer notice. Comments on the proposed guidance are due by October 14, 2003.

The proposed guidance interprets the FDIC's customer information security guidelines (12 CFR 364, app. B) and describes the FDIC's expectation that financial institutions should implement a response program to address the possible compromise of sensitive customer information. The response program should include written notice to customers in the event their sensitive customer information is compromised, unless the financial institution - after an appropriate investigation - reasonably concludes that misuse is unlikely to occur and takes appropriate steps to safeguard the interests of affected customers, including monitoring affected customers' accounts for unusual or suspicious activity.

Public comment is sought on all aspects of this proposal, including the potential burden posed by the information collection under the Paperwork Reduction Act of 1995. The submission of thoughtful comments on this important issue will assist the agencies in finalizing the guidance. Information on how to file comments is included in the attached Federal Register notice.

For more information, please contact Jeffrey M. Kopchik, Senior Policy Analyst, at (202) 898-3872, or Robert Patrick, Counsel, at (202) 898-3757.

For your reference, FDIC Financial Institution Letters may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2003/index.html. To learn how to automatically receive FDIC Financial Institution Letters through e-mail, please visit www.fdic.gov/news/news/announcements/index.html.