From: Maureen Fabbri (mefabbrieascorp.org)
Date: Fri Apr 17 2009 - 13:01:28 CDT
The GLBA guidelines require a financial institution to consider whether
encryption of customer information in transit or in storage is
appropriate. While the guidelines do not explicitly require encryption
of customer information, they do specify that, "Each financial
institution must consider whether the security elements ...are
appropriate for the institution and, if so, adopt those elements an
institution concludes are appropriate." Customer information is
typically defined as protected data such as customer names, account
numbers, social security numbers, addresses, and other non-public
The FFIEC says, "Institutions should employ encryption to mitigate the
risk of disclosure or alteration of sensitive information in storage and
transit," with the same assumption that sensitive information is
non-public personal information protected by the GLBA. This usually
includes account information but not necessarily bank routing
information since the latter is public information (i.e., not
non-public). Many states have written their own guidelines usually with
more specifics on what they expect to be encrypted. Perhaps you could
search the state guidelines in which your 'difficult people' do business
to see if you can find more specifics.
From: fzbrick [mailto:fzbrickgmail.com]
Sent: Thursday, April 16, 2009 4:02 PM
Subject: [Dataloss] Banking and state regulations regarding the
transmission of banking routing/account information
Is anyone aware of written regulations regarding how bank routing and
account information should be transmitted over the internet?
Intuitively, it needs to be encrypted, however what seems clear to
others isn't to others. I need a banking regulation, federal law, or
banking requirement that says
"Bank Routing and Account information shall be encrypted".
Sorry, I am dealing with difficult people, who will not believe me, and
need it spelled out to them in near comic book form.
Dataloss Mailing List (datalossdatalossdb.org)