Skip to content
BOL Conferences
Thread Options
#1422968 - 08/02/10 08:37 PM Nonpublic Info sent via e mail
Kahola Offline
Platinum Poster
Kahola
Joined: May 2001
Posts: 712
Scottsdale, AZ. 85255
Our policy is not send nonpubic information in an email outside the company, however, we have not had a system in place to actually block attempts. When the OTS was here they suggested we change the e mail system to allow us to "read" e mails as they come in and go out for patterns (e mails containing nonpublic information), i.e social security numbers,DOB. IT says they can program to filter any e mails that would contain certain information). We just are not sure how to handle any e mails that contain nonpublic information. Would it seem appropriate to just send the e mail back to the sender and cc their manager reminding them of our policy? Just wondering what other banks or doing regarding this. Any suggestions would be apprecicated. Thanks.

Return to Top
eBanking / Technology
#1423088 - 08/02/10 10:39 PM Re: Nonpublic Info sent via e mail Kahola
West Coast Comp Offline
Gold Star
West Coast Comp
Joined: Jun 2010
Posts: 350
Lost in the rain.
Emails to party and boss, with auto encryption of email.
_________________________
Where I go there I am. smile

Return to Top
#1423105 - 08/03/10 12:24 AM Re: Nonpublic Info sent via e mail West Coast Comp
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
What I usually see (and experienced myself) was a search system that looked for certain terms in unencrypted email and auto encryption of those emails.

Do you have encrypted email available that they are supposed to use? If not, would your email back to them remind them of approved methods of sending secure data? Hopefully it is not just sending it unencrypted on a CD or DVD.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#1425078 - 08/05/10 10:24 PM Re: Nonpublic Info sent via e mail Kathleen O. Blanchard
Andy_Z Online
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
I've not used but have read about these filters. As KB said they scan for patterns. If you emailed a customer, telling them they need to enter their SSAN on your web form in the proper format, 123-45-6789, that would get flagged because it resembles a real SSAN.

A temporary fix so that this is not exposed may be to use your internet banking communication system. Often these don't leave your servers. YMMV, but this may help in a pinch.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top

Moderator:  Andy_Z