Newsroom
August 26, 2015
NCUA institutes encryption protocols for data provided to examiners
NCUA has instituted data encryption protocols as suggested by its Office of Inspector General this June following review of an examiner's loss of a thumb drive containing credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
Related Resources
Add to Calendar 2023-11-16 14:00:00 2023-11-16 14:00:00 Cybersecurity Incidents - When and How to Report to NCUA NCUA’s cyber incident notification rule went into effect on September 1, 2023. In this webinar, Cybersecurity Incidents - When and How to Report to NCUA, you’ll review the changes in the rule and overlap with existing data breach notification requirements to help credit unions determine if an incident is substantial and if so, what steps to take to report to the agency. Key Takeaways Understand when an incident is reportable Learn what must be reported, and how to report Cross-check your compliance implementation Register Now $295 Members | $395 Nonmembers(Additional $50 for USB)One registration gives your entire team access to the live webinar and on-demand recording until November 16, 2024.Go to the Online Training Center to access the webinar after purchase » Please contact our Member Services department if you're unable to view the webinar in the Online Training Center. Who Should Attend NCCOs NCRMs Compliance and risk titles Legal staff Education Credits NCCOs will receive 1.0 CEUs for participating in this webinar NCRMs will recieve 1.0 CEUs for participating in this webinar CPA credit information is below; recommended 1.0 CPE credits. CPA Certification Credit Information (Note: Webinars must be attended when aired to receive CPE credits.) Reviewer: Josie Collins, Senior Associate Director of Education, NAFCU Learning Objectives: See key takeaways Program Level: Basic Prerequisites Needed: None Advance Preparation Needed: None Delivery Method: Group Internet-Based Recommended CPE Credits: 1.0 credits Recommended Field of Study: Regulatory Ethics – Technical About Our Webinars Our webinars are streamed live from NAFCU headquarters near Washington, DC. Your audio/video feed of the presenters includes presentation slides and downloadable handouts. You can easily submit your questions to the presenters at any time during the live broadcast, with no dialing over the phone! The audio and video stream directly through your computer. Web NAFCU digital@nafcu.org America/New_York public
Cybersecurity Incidents - When and How to Report to NCUA
Credits: NCCO, NCRM, CPE
Webinar
Add to Calendar 2023-11-16 14:00:00 2023-11-16 14:00:00 The Benefits of Benchmarking your Credit Union’s 401(k) Plan About the Webinar Your retirement plan is a key tool for attracting, retaining and rewarding top talent—the talent that credit unions need to compete effectively. How does your plan stack up? Discover how a benchmarking report can provide insight into actionable items in areas such as fees, investments, plan design and best practices, and can also help ensure you are meeting your fiduciary obligations as a plan sponsor. Register Here Web NAFCU digital@nafcu.org America/New_York public
The Benefits of Benchmarking your Credit Union’s 401(k) Plan
preferred partner
Pentegra
Webinar
Get daily updates.
Subscribe to NAFCU today.