ALEXANDRIA, Va. – In a recent legal opinion letter, NCUA stated that federally insured credit unions do not have to notify NCUA of every potential security breach affecting sensitive member information. Redstone Federal Credit Union Compliance Manager Suzanne Turner wrote the agency seeking guidance on notification of NCUA following a data security breach and asked about several hypothetical examples from human error to computer hacking. "The overriding theme of NCUA's guidance to credit unions in this area is risk assessment," NCUA Associate General Counsel Sheila Albin wrote in Legal Opinion Letter 06-0332. "When an incident occurs, the first step of any response program should be to assess the nature and scope of the incident and the likelihood of harm to the member whose information is affected. Where an incident, even one involving sensitive member information, involves little or no likelihood of harm to the member, a credit union need not notify the NCUA." Albin added that NCUA's rules do not prescribe a method of notification, but credit unions should use a form that is "reasonably likely to be effective." She also recommended using a method that could be documented such as letter, e-mail, or fax. If the urgency of the situation requires a phone call, try to document it in some way. Notification should be provided as soon as possible following the incident and separate notices are required for separate incidents. "In this respect, credit unions should consider providing a follow-up notice to keep NCUA apprised of significant new circumstances relating to a specific incident previously reported," Albin wrote. Good judgment should be used in determining the content of the notification, she explained.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.