InfoBytes Blog
FDIC OIG Publishes Results of Audit of Personally Identifiable Information in Owned Real Estate Properties
On April 28, the FDIC’s Office of the Inspector General published a report – The FDIC’s Controls for Identifying, Securing, and Disposing of Personally Identifiable Information in Owned Real Estate Properties – regarding its audit of the agency’s internal controls of personally identifiable information (PII) in owned real estate (ORE) properties, which it acquires from failed FDIC-insured financial institutions. The audit was conducted to determine whether or not the FDIC’s internal controls sufficiently identified, secured, and disposed of ORE properties’ PII. According to the report, the OIG determined that the agency’s Division of Resolutions and Receivership (DRR), which is responsible for the liquidation of assets, often did not identify PII in a timely manner, and its “practices for handling and disposing of the information were inconsistent in certain key respects.” As a result of the audit, the OIG recommends that the DRR incorporate the following enhancements to its current review process of PII at ORE properties: (i) Obtain from the agency’s legal division an opinion that outlines and clarifies the requirements for handling PII at ORE properties; (ii) Review existing policies, procedures, guidance, and training and make adjustments where necessary; and (iii) Establish “the appropriate disposition of the PII that was identified at three of the ORE properties reviewed during the audit and that is currently in off-site storage.”