
FTC oversight of data security

By: Danielle Wright

Tuesday - July 22, 2014

As you may know, the Federal Trade Commission has broad authority to intervene in many matters related to consumer finance. In recent years, the FTC has made several moves into the rapidly growing market for mobile applications, especially when it comes to the collection of private personal data.

The FTC recently cracked down on a number of companies for failing to invest time and resources into securing customer data that was obtained or transmitted through mobile applications. In its suit against the Wyndham hotel company, the FTC alleged that Wyndham had been too lax in its oversight of its customer payment information, which was breached on three separate occasions. Under its “unfair and deceptive” statutory enforcement authority, the FTC has also targeted companies for failing to comply with their own written data security policies.

Since legal and compliance costs from an FTC action can be very high for smaller institutions like credit unions, make sure to review your data collection policies/practices to ensure that:

  • Consumer data is collected efficiently, transparently, and with notice to the consumer
  • Data is anonymized and periodically wiped to minimize exposure to a potential security breach
  • Strict standards and disclosures are in place when providing this data to third parties
  • Both your customers and your servers use complex user IDs and passwords
  • Highly sensitive data, such as payment card info, is encrypted
  • Servers are actively monitored and updated for security patches
  • All of your partners and subsidiaries have proper policies/procedures in place before you connect them to your main network





