Catherine A. Allen, Chairman and CEO, The Santa Fe Group (Santa Fe, N.M.)

New Encryption, Vendor Privacy Requirements Good for Banks

New Massachusetts Data Security Regulation adds encryption, vendor responsibility to the privacy mix.

Financial institutions have been regulated for years under the GLBA Safeguards Rule, which includes data security regulations that are similar (but not identical) to those found in the Massachusetts Data Security Regulation. The key benefit of the new regulation to the financial services industry is that it now holds third-party vendors directly accountable to protect personal information. The concern, naturally, will be over the additional impact (and costs) to the industry as each state follows suit with similar (but not identical) legislative initiatives.

The significant new requirement is mandatory encryption. If an entity electronically stores or transmits information on Massachusetts residents, encryption of personal information (defined as name combined with either Social Security, driver's license or financial account number) is required when transferred in a wireless environment or when stored on laptops or other portable devices. While many financial institutions have comprehensive encryption programs, this requirement will extend the protection not only to customer information but to employee information as well.

In addition, the regulation reinforces the requirement to take all reasonable steps to verify and monitor third-party vendors to ensure they comply. [The Santa Fe Group, through the multi-industry-based Shared Assessments Program, offers an industry-standard control-assessment approach for use by financial institutions and third-party providers that is being updated to meet these new requirements. The materials are available at shareassessments.org.]

