Newsroom
August 26, 2015
NCUA institutes encryption protocols for data provided to examiners
NCUA has instituted data encryption protocols as suggested by its Office of Inspector General this June following review of an examiner's loss of a thumb drive containing credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
Share This
Related Resources
Add to Calendar 2024-06-26 14:00:00 2024-06-26 14:00:00 Gallagher Executive Compensation and Benefits Survey About the Webinar The webinar will share trends in executive pay increases, annual bonuses, and nonqualified benefit plans. Learn how to use the data charts as well as make this data actionable in order to improve your retention strategy. You’ll hear directly from the survey project manager on how to maximize the data points to gain a competitive edge in the market. Key findings on: Total compensation by asset size Nonqualified benefit plans Bonus targets and metrics Prerequisites Demographics Board expenses Watch On-Demand Web NAFCU digital@nafcu.org America/New_York public
Gallagher Executive Compensation and Benefits Survey
preferred partner
Gallagher
Webinar
Add to Calendar 2024-06-21 09:00:00 2024-06-21 09:00:00 2024 Mid-Year Fraud Review Listen On: Key Takeaways: [01:16] Check fraud continues to be rampant across the country. Card fraud is affecting everyone. [04:31] Counterfeit US passport cards are just another new toolbox in the bad actors’ toolbox. [07:21] Blocking the fallback is the only way to defeat counterfeit cards. [11:17] The best way is constant education to your members in as many channels as you can. [13:02] We are still seeing overdraft lawsuits. Make sure the programming you have at your credit union matches what you have displayed for the members. Web NAFCU digital@nafcu.org America/New_York public
2024 Mid-Year Fraud Review
Strategy & Growth, Consumer Lending
preferred partner
Allied Solutions
Podcast
Add to Calendar 2024-06-21 09:00:00 2024-06-21 09:00:00 The Evolving Role of the CISO in Credit Unions Listen On: Key Takeaways: [01:30] Being able to properly implement risk management decisions, especially in the cyber age we live in, is incredibly important so CISOs have a lot of challenges here. [02:27] Having a leader who can really communicate cyber risks and understand how ready that institution is to deal with cyber events is incredibly important. [05:36] We need to be talking about risk openly. We need to be documenting and really understanding what remediating risk looks like and how you do that strategically. [16:38] Governance, risk, compliance, and adherence to regulatory controls are all being looked at much more closely. You are also seeing other technology that is coming into the fold directly responsible for helping CISOs navigate those waters. [18:28] The reaction from the governing bodies is directly related to the needs of the position. They’re trying to help make sure that we are positioned in a way that gets us the most possibility of success, maturing our postures and protecting the institutions. Web NAFCU digital@nafcu.org America/New_York public
The Evolving Role of the CISO in Credit Unions
preferred partner
DefenseStorm
Podcast
Get daily updates.
Subscribe to NAFCU today.