Faster, more comprehensive breach notification requirements proposed
The proposed rule would, among other things, require banks to notify their primary regulators of a triggering incident as soon as possible, and no later than 36 hours after learning that the incident occurred, and would require banking service providers to notify affected bank customers immediately after experiencing a security incident that disrupts or impairs services for four hours or more. The proposed rule would fundamentally change a bank’s current notification obligations. [Continue]