What regulations outline requirements for shredding paper documents that contain bank, customer, or consumer information?
A big part of our IT Security budget is spent on GLBA compliance. Are we doing something wrong?
How can a bank achieve assured compliance given the constrained information security budgets today?
Among credit risk, market risk and operational risk, developing a good operational risk management program seems to be the most challenging. Can't our existing compliance processes (e.g., AML, Red Flags, GLBA, etc.) contribute to operational risk management?
During the 2007 Security Officers Training in Philadelphia, someone spoke about the "Clean Desk Act". Can you tell me where I can find information on this, and do any of the regulatory agencies have specific regulations on it?
I have a very technical GLBA question. It is my understanding that if all employees of the bank are required to have deposit accounts, then they are also considered customers under GLBA. If there happened to be a breach of employee nonpublic information through the HR department, say the payroll vendor was compromised and all employees' Social Security numbers were released, would this not be considered a breach under GLBA, with notification required to the affected customers (employees) along with notice to our regulators? Is it possible that, since the breach occurred through the HR department and involved employees' nonpublic information, it is not defined as a breach under GLBA?