Fair Credit Reporting: 15 U.S.C. § 1679i. Statute of limitations

Any action to enforce any liability under this subchapter may be brought before the later of—

(1) the end of the 5-year period beginning on the date of the occurrence of the violation involved; or

(2) in any case in which any credit repair organization has materially and willfully misrepresented any information which—

(A) the credit repair organization is required, by any provision of this subchapter, to disclose to any consumer; and

Fair Credit Reporting: 15 U.S.C. § 1679j. Relation to state law

This subchapter shall not annul, alter, affect, or exempt any person subject to the provisions of this subchapter from complying with any law of any State except to the extent that such law is inconsistent with any provision of this subchapter, and then only to the extent of the inconsistency.

[Pub. L. No. 90-321, tit. IV, § 412, as added Pub. L. No. 104-208, div. A, tit. II, § 2451, 110 Stat. 3009–459 (Sept. 30, 1996)]

Fair Credit Reporting: 17 C.F.R. § 248.30 Procedures to safeguard customer records and information; disposal of consumer report information.

(a) Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to:

(1) Insure the security and confidentiality of customer records and information;

Fair Credit Reporting: 16 C.F.R. § 314.1 Purpose and scope.

(a) Purpose. This part, which implements sections 501 and 505(b)(2) of the Gramm–Leach–Bliley Act, sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

Fair Credit Reporting: 16 C.F.R. § 314.2 Definitions.

(a) Authorized user means any employee, contractor, agent, customer, or other person that is authorized to access any of your information systems or data.

(b)(1) Consumer means an individual who obtains or has obtained a financial product or service from you that is to be used primarily for personal, family, or household purposes, or that individual's legal representative.

(2) For example:

Fair Credit Reporting: 16 C.F.R. § 314.3 Standards for safeguarding customer information.

(a) Information security program. You shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.

Fair Credit Reporting: 16 C.F.R. § 314.4 Elements.

In order to develop, implement, and maintain your information security program, you shall:

(a) Designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program (for purposes of this part, “Qualified Individual”). The Qualified Individual may be employed by you, an affiliate, or a service provider. To the extent the requirement in this paragraph (a) is met using a service provider or an affiliate, you shall:

Fair Credit Reporting: G.3.1 Introduction

Even after the Dodd-Frank Wall Street Reform and Consumer Protection Act, the banking agencies continue to have responsibility for issuing regulations to implement the data safeguard provisions of sections 6801 and 6805(b) of the GLBA, an area over which the CFPB expressly has no authority. These regulations are set forth below according to agency.

Fair Credit Reporting: TABLE OF CONTENTS

I. Introduction

A. Scope

B. Preservation of Existing Authority

C. Definitions

II. Standards for Information Security

A. Information Security Program

B. Objectives

III. Development and Implementation of Customer Information Security Program

A. Involve the Board of Directors

B. Assess Risk

C. Manage and Control Risk

D. Oversee Service Provider Arrangements

E. Adjust the Program

F. Report to the Board

G. Implement the Standards

Fair Credit Reporting: I. INTRODUCTION

The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth standards pursuant to section 39 of the Federal Deposit Insurance Act (section 39, codified at 12 U.S.C. 1831p-1), and sections 501 and 505(b), codified at 15 U.S.C. 6801 and 6805(b) of the Gramm-Leach-Bliley Act. These Guidelines address standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

Fair Credit Reporting: II. STANDARDS FOR INFORMATION SECURITY

A. Information Security Program. Each national bank or Federal savings association shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the national bank or Federal savings association and the nature and scope of its activities. While all parts of the national bank or Federal savings association are not required to implement a uniform set of policies, all elements of the information security program must be coordinated.

Fair Credit Reporting: I. BACKGROUND

This Guidance interprets section 501(b) of the Gramm-Leach-Bliley Act (“GLBA”) and the Interagency Guidelines Establishing Information Security Standards (the “Security Guidelines”) and describes response programs, including customer notification procedures, that a financial institution should develop and implement to address unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.

Fair Credit Reporting: II. RESPONSE PROGRAM

Millions of Americans, throughout the country, have been victims of identity theft. Identity thieves misuse personal information they obtain from a number of sources, including financial institutions, to perpetrate identity theft. Therefore, financial institutions should take preventative measures to safeguard customer information against attempts to gain unauthorized access to the information.

Fair Credit Reporting: III. CUSTOMER NOTICE

Financial institutions have an affirmative duty to protect their customers’ information against unauthorized access or use. Notifying customers of a security incident involving the unauthorized access or use of the customer’s information in accordance with the standard set forth below is a key part of that duty. Timely notification of customers is important to manage an institution’s reputation risk.

Fair Credit Reporting: Amendment History

[66 Fed. Reg. 8633 (Feb. 1, 2001), as amended at 69 Fed. Reg. 77,616 (Dec. 28, 2004); 70 Fed. Reg. 15,753 (Mar. 29, 2005); 71 Fed. Reg. 5780 (Feb. 3, 2006); 79 Fed. Reg. 54,544 (Sept. 11, 2014)]

Fair Credit Reporting: TABLE OF CONTENTS

I. Introduction

A. Scope

B. Preservation of Existing Authority

C. Definitions

II. Standards for Safeguarding Customer Information

A. Information Security Program

B. Objectives

III. Development and Implementation of Customer Information Security Program

A. Involve the Board of Directors

B. Assess Risk

C. Manage and Control Risk

D. Oversee Service Provider Arrangements

E. Adjust the Program

F. Report to the Board

G. Implement the Standards

Fair Credit Reporting: I. INTRODUCTION

These Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Guidelines) set forth standards pursuant to sections 501 and 505 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 and 6805), in the same manner, to the extent practicable, as standards prescribed pursuant to section 39 of the Federal Deposit Insurance Act (12 U.S.C. 1831p-1). These Guidelines address standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

Fair Credit Reporting: II. STANDARDS FOR INFORMATION SECURITY

A. Information Security Program. Each bank shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the bank and the nature and scope of its activities. While all parts of the bank are not required to implement a uniform set of policies, all elements of the information security program must be coordinated. A bank also shall ensure that each of its subsidiaries is subject to a comprehensive information security program.

Fair Credit Reporting: III. DEVELOPMENT AND IMPLEMENTATION OF INFORMATION SECURITY PROGRAM

A. Involve the Board of Directors. The board of directors or an appropriate committee of the board of each bank shall:

1. Approve the bank’s written information security program; and

2. Oversee the development, implementation, and maintenance of the bank’s information security program, including assigning specific responsibility for its implementation and reviewing reports from management.

B. Assess Risk. Each bank shall: