Breach blocking encryption rule on NCUA agenda

by: Nicholas Ballasy

NCUA Board Chairman Debbie Matz said the NCUA is contemplating proposing a rule that would require credit unions to encrypt the data provided to examiners in response to the examiner who lost a flash drive with members’ personal information.

The incident occurred during an examination of the $13 million Palm Springs Federal Credit Union in Palm Springs, Calif.

Matz also estimated the cost of the breach to be $15,000 to $20,000.

“We are contemplating a rule, which would require encryption, but we’re not at the point where I can say we’re going in that direction yet but it’s clearly something we’re thinking about. Short of requiring it, we’re really struggling trying to figure out how to prevent data breaches. That’s a very fundamental thing to do, to make sure that if the data is lost or stolen that members’ confidential information is protected,” Matz told CU Times Tuesday.

“Believe it or not, we really don’t like putting out more regs than we need to but we’re struggling to determine if there’s another way to do this. Of course we’re always willing to hear suggestions from the credit union community about how to proceed,” she added.

continue reading »