BY DANIELLA CASSERES
When it comes to the safety of your credit union members’ personal information online, this year is going to be more tightly regulated and enforced than ever before. Read on to find out the various state and agency reforms that may impact your CU’s cybersecurity measures in 2016.
For years regulators have required credit unions to maintain the security of consumer non-public personal information.In 2016 it appears that information security, specifically cyber security, will be at the top of regulators’ legislative and enforcement agendas.As virtual networks become more important to business growth, so does the need to protect information shared through those networks.
Regulatory focus on cyber security is evident from various state and agency reforms that have either recently taken place or are imminent. Wyoming, for example, recently updated its information security laws to amend its definition of personally identifiable information. The state also changed its security breach notification requirements. Other states, including California and New York, have launched cybersecurity initiatives to propose and implement new legislation. The New York Department of Financial Services issued a letter in November 2015 inviting feedback from federal agencies, including the National Credit Union Administration, to develop comprehensive financial industry cybersecurity regulations.New York’s letter included a list of proposed standards that would require financial institutions to: maintain cybersecurity policies and procedures; require minimum contract terms with third-party service providers concerning cyber security; designate a qualified chief information security officer; conduct cybersecurity audits and vulnerability assessments; and implement specific notification guidelines to report security breaches.