Newsroom
August 26, 2015
NCUA institutes encryption protocols for data provided to examiners
NCUA has instituted data encryption protocols as suggested by its Office of Inspector General this June following review of an examiner's loss of a thumb drive containing credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
The protocols were communicated Aug. 21 in a letter from NCUA Examination and Insurance Director Larry Fazio to the chief executives of federally insured credit unions.
The letter says the agency's examiners now will accept data files from credit unions only if the files are encrypted first by the credit union or, if the credit union is unable or does not wish to do that, via transfer to NCUA's encrypted equipment. In either case, parties involved will sign a "chain of custody" document. The letter, in a footnote, also advises credit unions against electronically transmitting unencrypted data to examiners.
Encryption protocols outlined in the letter will remain in use until the agency acquires a secure file transfer solution that will allow credit unions and exam staff to "securely and efficiently" exchange information, Fazio wrote. That solution is expected to be in place early next year.
NAFCU Director of Regulatory Affairs Alicia Nealon reiterated concerns aired in June about the agency's safekeeping of data. "Credit unions shouldn't be hit with costly new requirements when it is within NCUA's power to ensure against mishaps with credit union members' data," she said.
She also encouraged NCUA to follow through with the numerous other recommendations of the OIG, including better training of staff in the safe handling of credit union members' data.
Share This
Related Resources
Add to Calendar 2024-05-03 14:00:00 2024-05-03 14:00:00 Plan Sponsor Attitudes Toward Retirement Plan Management and Fiduciary Outsourcing About the Webinar In January 2024, Pentegra conducted a survey of retirement plan sponsors and their perspectives on retirement plan management and fiduciary outsourcing. The survey measured how sponsors are using fiduciary outsourcing to help better manage their retirement plans. It also captured their perspectives on what outsourcing does to help them better position their plans and drive improved retirement plan outcomes. Key Takeaways: What is the full scope of your responsibilities as a plan sponsor? What is fiduciary outsourcing and how does it work? How does fiduciary outsourcing help reduce workloads and minimize risk? How can a credit union best position its plan to drive improved outcomes? Register Here Web NAFCU digital@nafcu.org America/New_York public
Plan Sponsor Attitudes Toward Retirement Plan Management and Fiduciary Outsourcing
preferred partner
Pentegra
Webinar
Ensuring Safety and Soundness with AI
Management, Consumer Lending, FinTech
preferred partner
Upstart
Blog Post
Turning Lemons into Lemonade: Capitalizing in a Post-Banking Crisis Era
Strategy
preferred partner
Allied Solutions
Blog Post
Add to Calendar 2024-05-02 14:00:00 2024-05-02 14:00:00 Mastering Resilience in Incident Response Plans About the Webinar An Incident Response (IR) plan is crucial for guiding credit unions through major incidents efficiently and effectively. However, many IR plans lack resilience, making them less adaptable to the evolving threat landscape. Join us for our webinar Mastering Resilience in Incident Response Plans where DefenseStorm cyber experts Elizabeth Houser and James Bruhl will delve into the importance of resiliency within cybersecurity IR plans. Don’t miss out on the opportunity to learn how to: Ensure IR plan accessibility so that all team members with assigned roles are prepared for effective incident response. Conduct efficient and regular reviews to ensure roles and responsibilities are current, tools are relevant, and compliance requirements are met. Implement and utilize tabletops to regularly test the effectiveness of your IR plan. Enhance preparedness, efficiency, and confidence among responders. View On-Demand Web NAFCU digital@nafcu.org America/New_York public
Mastering Resilience in Incident Response Plans
preferred partner
DefenseStorm
Webinar
Get daily updates.
Subscribe to NAFCU today.