Question: In the event of a data breach, is my institution required to notify both customers and authorities of the incursion?
Answer: Yes, you are. 2007 will see increased scrutiny of data breach notification plans. The FFIEC IT Booklet regarding BCP already calls for formalized data breach notification programs, but the requirement will tighten. The FDIC is calling for the creation of distinct Incident Reporting Programs (IRPs). You must notify both affected parties and authorities, and have a formal process for doing so.
CC Pace is a financial services consulting firm whose clients include members of the Fortune 100, as well as industry entrants and mid-size firms. CC Pace provides the banking industry the information and services you need to stay competitive in your markets using the best and most secure risk management and mitigation technologies. For additional information please visit our website at www.ccpace.com, call us at 703-631-6600, or email us at info@ccpace.com.