BreachExchange mailing list archives
Re: Banking and state regulations regarding the transmission of banking routing/account information
From: Luther Martin <martin () voltage com>
Date: Fri, 17 Apr 2009 11:31:39 -0700
I think that this is actually a bit weaker now. After the May 2008 change 1, this now reads: C. Manage and Control Risk. Each credit union should: 1. Design its information security program to control the identified risks, commensurate with the sensitivity of the information as well as the complexity and scope of the credit union's activities. Each credit union must consider whether the following security measures are appropriate for the credit union and, if so, adopt those measures the credit union concludes are appropriate: ... c. Encryption of electronic member information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access; Which makes it look like they can dodge it if they really want to. There are lots of laws and regulations that require businesses to "protect" or "safeguard" sensitive data, but it's actually hard to find one that actually requires encryption to do this. There are state laws that require this (Nevada, etc.), but those are the only ones that I know of.
-----Original Message----- From: dataloss-bounces () datalossdb org [mailto:dataloss- bounces () datalossdb org] On Behalf Of Pia Sachs-Donerkiel Sent: Friday, April 17, 2009 6:56 AM To: 'dataloss () datalossdb org' Subject: Re: [Dataloss] Banking and state regulations regarding the transmission of banking routing/account information Well, it's not Banking Reg, but I am sure FDIC has something similar to BCUA: Credit Union member information security requirements, for federal credit unions, is spelled out in section 748 of NCUA's Rules and Regulations. Section iii Development and implementation of member information security program; part C ;Manage and control risk paragraph (c) of part 748 states: Each Credit Union shall employ encryption of electronic member information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access. Pia Sachs-Donerkiel Payment Services Supervisor New England Federal Credit Union 802-879-8773 802-764-6589 Fax From: dataloss-bounces () datalossdb org [mailto:dataloss- bounces () datalossdb org] On Behalf Of fzbrick Sent: Thursday, April 16, 2009 4:02 PM To: dataloss () datalossdb org Subject: [Dataloss] Banking and state regulations regarding the transmission of banking routing/account information Hi, Is anyone aware of written regulations regarding how bank routing and account information should be transmitted over the internet? Intuitively, it needs to be encrypted, however what seems clear to others isn't to others. I need a banking regulation, federal law, or banking requirement that says "Bank Routing and Account information shall be encrypted". Sorry, I am dealing with difficult people, who will not believe me, and need it spelled out to them in near comic book form. Thanks ________________________________ Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential & privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact sender by reply email & destroy all copies of the original message. To protect your privacy, we have removed personal and account information (such as member number, etc.) from the email being returned to you, and we advise you not to include confidential information if you respond to this email.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Banking and state regulations regarding the transmission of banking routing/account information fzbrick (Apr 16)
- Re: Banking and state regulations regarding the transmission of banking routing/account information Al (Apr 17)
- Re: Banking and state regulations regarding the transmission of banking routing/account information Pia Sachs-Donerkiel (Apr 17)
- Re: Banking and state regulations regarding the transmission of banking routing/account information JAMES RITCHIE (Apr 17)
- Re: Banking and state regulations regarding the transmission of banking routing/account information Mark Simon (Apr 17)
- Re: Banking and state regulations regarding the transmission of banking routing/account information Luther Martin (Apr 17)
- Re: Banking and state regulations regarding the transmissionof banking routing/account information Maureen Fabbri (Apr 17)