Credit unions are guided by a series of internal, state and federal rules and regulations pertaining to data security. One example is the requirements established by the National Credit Union Association (NCUA). This entity has set forth the IT Security Compliance Guide designed to summarize the obligations of credit unions to protect information in specific situations. One specific situation is the proper capturing – and disposal of information. It is often this situation, and the role of credit union partners and administrators, that puts a credit union at risk for a data breach. Let’s take a look at the guidelines and the opportunity for risk.
The proper disposal of information requirements in the Security Guidelines applies to any personal information a credit union obtains about an individual. But those requirements also extend to a credit union’s providers. A credit union must require its service providers that have access to consumer information to develop appropriate measures for the proper disposal of the information, regardless of whether a loan is ultimately secured. In essence, if a dealership provides credit information to a potential lender, that information must be disposed of properly whether the loan is completed or not. How often do you assess the information disposal practices of your partners?