Béla Fleck is widely recognized as one of the world’s premier banjo players, and is currently in NYC to perform a live show and answer fan questions at The New York Times headquarters. Jon Pareles, chief pop music critic for The Times, will be in the room to ask those questions. He will be joined by Caryn Ganz, The Times’s pop music editor, who will be chatting with the audience and providing insight throughout. You can submit your own questions here.
October is National Cybersecurity Awareness Month, so today I’m writing about service provider data breaches and member notification rules. I’ll also share some insights from a cybersecurity-related event I attended last week at the U.S. Chamber of Commerce.

To start with the basics, Part 748 of NCUA’s regulations implements the Gramm-Leach-Bliley Act of 1999 (GLBA) and describes a credit union’s obligation to adopt various technical and administrative safeguards to protect member information. Appendix B to Part 748 advises credit unions that they should develop a “risk-based response program” to address “incidents of unauthorized access to member information in member information systems.” Appendix B also describes the standard for providing notice to members when there is an incident of unauthorized access to “sensitive member information.” (Emphasis added.)

Let’s unpack some of this language. As an initial matter, Part 748 describes not only what a credit union should do, but also what it must do to safeguard member information. In general, NCUA’s IT examination process is risk-based, so it’s incumbent upon the credit union to design security controls that are appropriately tailored. However, NCUA advises that a credit union should, at a minimum, consider the specific security measures enumerated in Appendix A to Part 748, which include a response program. In addition, 12 CFR 748.0(b)(3) requires that the credit union’s security program be designed to “respond to incidents of unauthorized access to or use of member information that could result in substantial harm or serious inconvenience to a member.”