In the year 2005, there were over 53 million individuals affected by security breaches wherein their personal information was compromised. The ChoicePoint incident was considered one of the first highly publicized events where notification to the individuals affected was made. As the year closed, more than half the States’ Legislatures considered or approved bills to protect citizens’ personal information. Congress considered several bills that would make notification of a security breach mandatory nationwide. The cause of security breaches varies widely from compromised passwords, to stolen laptops, to lost backup tapes, dishonest insiders, online exposure, hackers, and even inadvertent disclosures such as sending out an email containing social security numbers to a mass mailing list. The onus of protecting personal information sits squarely on the data owner’s head. What can banks do to make sure that employees do not participate either willingly or unwillingly in data disclosure?