BreachExchange mailing list archives

Re: Banking and state regulations regarding the transmission of banking routing/account information


From: Luther Martin <martin () voltage com>
Date: Fri, 17 Apr 2009 11:31:39 -0700

I think that this is actually a bit weaker now. After the May 2008 change 1, this now reads:

C. Manage and Control Risk. Each credit union
should:
1. Design its information security program to control the
identified risks, commensurate with the sensitivity of the
information as well as the complexity and scope of the
credit union's activities. Each credit union must consider
whether the following security measures are appropriate
for the credit union and, if so, adopt those measures the
credit union concludes are appropriate:
...
c. Encryption of electronic member information,
including while in transit or in storage on networks or
systems to which unauthorized individuals may have
access;

Which makes it look like they can dodge it if they really want to.

There are lots of laws and regulations that require businesses to "protect" or "safeguard" sensitive data, but it's 
actually hard to find one that actually requires encryption to do this. There are state laws that require this (Nevada, 
etc.), but those are the only ones that I know of.

-----Original Message-----
From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of Pia Sachs-Donerkiel
Sent: Friday, April 17, 2009 6:56 AM
To: 'dataloss () datalossdb org'
Subject: Re: [Dataloss] Banking and state regulations regarding the
transmission of banking routing/account information

Well, it's not Banking Reg, but I am sure FDIC has something similar to
NCUA:

Credit Union member information security requirements, for federal
credit unions, are spelled out in section 748 of NCUA's Rules and
Regulations.

Section iii, Development and implementation of member information
security program; part C, Manage and control risk; paragraph (c) of
part 748 states:

Each Credit Union shall employ encryption of electronic member
information, including while in transit or in storage on networks or
systems to which unauthorized individuals may have access.





Pia Sachs-Donerkiel

Payment Services Supervisor

New England Federal Credit Union

802-879-8773

802-764-6589 Fax

From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of fzbrick
Sent: Thursday, April 16, 2009 4:02 PM
To: dataloss () datalossdb org
Subject: [Dataloss] Banking and state regulations regarding the
transmission of banking routing/account information



Hi,

Is anyone aware of written regulations regarding how bank routing and
account information should be transmitted over the internet?

Intuitively, it needs to be encrypted; however, what seems clear to
others isn't to others. I need a banking regulation, federal law, or
banking requirement that says

"Bank Routing and Account information shall be encrypted".

Sorry, I am dealing with difficult people, who will not believe me, and
need it spelled out to them in near comic book form.

Thanks



