Posted by Steve Van Beek
The internet is truly a wonderful thing. At last year's Compliance Seminar I gave a talk on Organizing the Compliance Information Flow (additional materials here) - with an emphasis on automating how information comes to your desk (or computer).
Data Breach Laws
I wanted to share two resources that came my way. The first came through my RSS Reader, via the Privacy Law Blog, and it contains a list of each state's data breach laws. Sometimes finding the laws themselves is half the battle, but in this case all the state laws are linked to in an organized manner. Proskauer Rose LLP runs the Privacy Law Blog - which also covers issues such as CAN-SPAM, COPPA, Privacy laws (obviously), and Identity Theft issues.
Escrow Accounting Information
The next useful resource came from the Federal Reserve, but not the central arm of the Federal Reserve. This resource came from the Philadelphia Federal Reserve's Consumer Compliance Outlook. The article, Escrow Accounting Rules, Are You In Compliance?, addresses the current escrow rules (including best practices) as well as the upcoming amendments from RESPA and Regulation Z (via HOEPA). Thus, if your credit union will need to begin escrowing due to the new Higher-Priced Mortgages category in Regulation Z, this resource is a great place to start.
In this compliance environment, having useful information sent directly to you - rather than having to go and find it (if it exists) - is a huge time and energy saver. Well, you know that already as you've subscribed to this blog...
Hi Steve. Thanks for the cool resource on privacy laws! I have a question about that...does a credit union have to follow the privacy laws of the state in which they are headquartered or the state in which the affected members live?
Posted by: Jason Clarke | August 14, 2009 at 08:15 AM
Jason, it will probably depend on the language of the law itself. The state law would indicate whom it covers - which would most likely be the residents of that state. For example, Missouri residents (consumer is defined as "an individual who is a resident of this state" [Missouri]) would be covered by Missouri's data breach law - even if they conduct business with a credit union in another state.
Posted by: Steve Van Beek | August 14, 2009 at 08:50 AM
So in the event of any kind of data breach we will have to look to the state laws for any state in which we have members, because there is the potential for different standards and thresholds for reporting.
Posted by: Jason Clarke | August 14, 2009 at 09:29 AM