BreachExchange mailing list archives
Re: Banking and state regulations regarding the transmission of banking routing/account information
From: "Maureen Fabbri" <mefabbri () eascorp org>
Date: Fri, 17 Apr 2009 14:01:28 -0400
The GLBA guidelines require a financial institution to consider whether encryption of customer information in transit or in storage is appropriate. While the guidelines do not explicitly require encryption of customer information, they do specify that, "Each financial institution must consider whether the security elements ...are appropriate for the institution and, if so, adopt those elements an institution concludes are appropriate."

Customer information is typically defined as protected data such as customer names, account numbers, social security numbers, addresses, and other non-public personal information.

The FFIEC says, "Institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit," with the same assumption that sensitive information is non-public personal information protected by the GLBA. This usually includes account information but not necessarily bank routing information since the latter is public information (i.e., not non-public).

Many states have written their own guidelines, usually with more specifics on what they expect to be encrypted. Perhaps you could search the state guidelines in which your 'difficult people' do business to see if you can find more specifics.

From: fzbrick [mailto:fzbrick () gmail com]
Sent: Thursday, April 16, 2009 4:02 PM
To: dataloss () datalossdb org
Subject: [Dataloss] Banking and state regulations regarding the transmission of banking routing/account information

Hi,

Is anyone aware of written regulations regarding how bank routing and account information should be transmitted over the internet? Intuitively, it needs to be encrypted, however what seems clear to others isn't to others.

I need a banking regulation, federal law, or banking requirement that says "Bank Routing and Account information shall be encrypted".

Sorry, I am dealing with difficult people, who will not believe me, and need it spelled out to them in near comic book form.

Thanks