Go to:

May 2018
< Apr Jun >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

NCUA Outlines Procedures for Handling Sensitive Information
Friday, August 28, 2015 6:35 AM

Recently updated examination procedures from the National Credit Union Administration are intended to strengthen safeguards for data received electronically during an examination.

The NCUA defines “sensitive data” as information which by itself, or in combination with other information, could be used to cause harm to a credit union, credit union member, or any other party external to the NCUA; and any information concerning a person or their account which is not public information, including any non-public personally identifiable information.

“In order to ensure sensitive electronic credit union and member data is well protected, the data held by NCUA needs to be encrypted,” reads the letter, signed by Larry Fazio, director of the NCUA’s Office of Examination and Insurance. “The process of exchanging this data between credit unions and examiners also needs to be secure and well controlled.”

Effective immediately, NCUA examiners may only accept sensitive data electronically through:

  • Secure electronic transmission or transfer by removable media, including encryption. The data files or the electronic transmission conveying the files must be encrypted. Encryption must have 128-bit encryption and the use of a strong password (minimum eight characters, mixture of upper- and lowercase letters, numerals and special characters). The password must be provided separately from the device or transmission; and 
  • In-person transfer by removable media not including encryption. If a credit union is unable or unwilling to provide data as mandated in the previous option, it may accept data if a credit union representative provides the data files to the examiner and remains physically present while the examiner transfers the data to the NCUA’s encrypted equipment.

“The above protocols reflect the initial steps NCUA is taking to strengthen the safeguards for sensitive data received electronically from a credit union during an examination,” the letter reads. “NCUA is in the process of acquiring a secure file transfer solution (such as an online portal) to facilitate examiner staff and credit unions securely and efficiently exchanging information.”

Fazio added that agency aims to have such a solution in place early in 2016.