Thread Options
#1041437 - 09/12/08 08:04 PM backup tape encryption
Maggie Offline
Junior Member
Joined: Aug 2004
Posts: 29
Eastern Massachusetts
Does the bank have to encrypt backup tapes that are transported to another location (one of the branches)? Or is this part of the stronger identity theft laws effective in November?

Return to Top
eBanking / Technology
#1041631 - 09/13/08 01:01 AM Re: backup tape encryption Maggie
DerrickAuditor Offline
Joined: Mar 2008
Posts: 91
GLBA, the new id theft regs, and other federal and state privacy regulations require non-public personal information (NPPI) be protected from unauthorized access at all times. These regulations place constraints on how data is stored, processed, and transmitted.

The FFIEC Information Security Booklet states that financial institutions should “employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit.”

Per recent interpretations of GLBA, “password protection of this data is not sufficient to mitigate the risks – encryption technology must be used to secure the exchange of NPPI over a public network.”

If your tapes are lost or stolen in route or once it arrives at its final destination, encryption would give you comfort that the data is protected. To reduce regulatory risk and reputation risk, I would highly encourage encryption.
Last edited by DerrickAuditor; 09/13/08 01:02 AM.
Return to Top
#1043430 - 09/16/08 07:10 PM Re: backup tape encryption Maggie
ITGuy Offline
Gold Star
Joined: May 2004
Posts: 352
We are planning to put backup tape encryption in our 2009 budget. Our regulator told me that while encryption is not required, it is strongly recommended and encouraged. Until we implement encryption, our independent I/T auditor suggested that we create an inventory and tracking system of all backup tapes. This way, we should know where our tapes are at all times.
"Work like you don't need the money, love like you've never been hurt, and dance like no one is watching!"

Return to Top

Moderator:  Andy_Z