#606081 - 08/28/06 06:41 PM Sending Financial Information Over Non-secure Line
ctodd Offline
New Poster
Joined: Apr 2006
Posts: 7
Missouri
This is in follow-up to a Guru Q&A on sending out loan documents over an unsecure and unencrypted internet connection. My interpretation is that this would be a violation of the GLBA safeguard rule. As such, it seems that the options are to use encryption or snail mail. We have a similar issue with employees sending out sensitive information via e-mail in either clear text or in an attachment. Management would like to use a detective control to identify violators. However, this would be after the e-mail has already left the building. It is my interpretation that we would be required to notify the customer and our primary regulator concerning the possible breach. My thought is that a detective control is good, but a preventative control like encryption would be better. Management believes encryption would not be customer friendly. With that said, my thought is that if we go with the detective control (coupled with current training that says don't do it), we would need to institute severe disciplinary measures for violators. Would this be sufficient or would we still subject ourselves to penalties for non-compliance with GLBA for not preventing the violation?
_________________________
Christine Todd
Chief Compliance Officer
North American Savings Bank (NASB)
12498 S. 71 Hwy, Grandview, MO 64030

#606082 - 09/07/06 02:58 PM Re: Sending Financial Information Over Non-secure Line
complianceman Offline
Platinum Poster
Joined: Mar 2005
Posts: 687
New Albany, IN
You first need to conduct an information security risk assessment. If you consider, based on the data being transmitted, the chance of a data breach of the fax transmittal or electronic mail communication to be either high or medium, you would need to put controls in place to mitigate the risk. There is an application available that you could use to send loan documentation to a remote "encrypted" location and the recipient would have to go to this location and enter a known user ID and password to access the data. I believe the software is called ZixMail or something like that.
_________________________
The opinion stated here is what it is, My Opinion.


Moderator:  Andy_Z