Skip to content

Should Your Bank Inform Customers About a Data Breach?

Question: 
If we experience a cyber breach, are we obligated to tell our customers and/or regulators?
Answer: 

Yes. When an incident of unauthorized access to sensitive customer information involves your information systems, you must notify your customers and regulator.

Your Customer Notice should provide a description of the incident; the type of information that was subject to unauthorized access; measures your firm's taken to protect customers from further unauthorized access; a telephone number customers can call for information and assistance; and, a reminder to customers to remain vigilant over the next 12 to 24 months, and report suspected identity theft incidents to your firm.
-----------------------------
Learn more about Carly Souther's webinar 10 Steps to Cybersecurity Continuity & Compliance

First published on 01/05/2020

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics