Compliance requirements in responding to the Target breach
12/27/2013 02:37 pm
In the wake of the Target data breach, many credit unions are asking CUNA's compliance attorneys: What do federal regulations require we do? It is important for credit unions to remember that despite the breach's high-profile nature (right before Christmas and at a very large, nationwide retailer), they will need to handle it like any other data breach.
When a credit union becomes aware of an incident of unauthorized access to sensitive member information maintained by either the credit union or its contracted third-party service provider, the credit union must conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. Sensitive information includes a member’s name, address, or telephone number, in conjunction with the member’s Social Security number, driver’s license number, account number, credit or debit card number, or a personal identification number or password that would permit access to the member’s account.
Links to NCUA’s Section 748 regulation and Appendix B can be found in CUNA’s eGuide to Federal Laws and Regulation under our “Security Programs” topic or by