NASCUS Report Article Repository: Data Breach
An Interesting Read: What Banks Need to Know About New Data Breach Notification Requirements
Courtesy of David J. Oberly, American Bankers Association
FEB. 04, 2022. Given the omnipresent concern about cyber attacks targeting the banking industry, the FDIC, OCC and Federal Reserve recently published a new joint final rule establishing enhanced security incident notification requirements for banking organizations and their service providers.
The final rule is designed to improve the sharing of information about cyber incidents that may impact the nation’s banking system and requires banks to notify their primary federal regulator within 36 hours of determining that a “significant” computer-security incident has occurred. Similarly, bank service providers are now required to notify impacted bank customers as soon as possible of any incident that could materially impact their operations for four hours or more.