Does the Department require that credit monitoring be offered in the event of an information security incident?
It looks like the Department may require credit monitoring in some circumstances. The Bulletin states that: Depending on the type of incident and information involved, the Department will also want to have discussions regarding the level of credit monitoring and insurance protection which the Department will require to be offered to affected consumers and for what period of time. In addition, the Department wants to review the draft letters informing individuals of the information security incident. Will the Department impose penalties? The Bulletin states that the Department will evaluate each incident independently based on the applicable circumstances, and notes that some situations may warrant imposition of administrative penalties. The Department urges licenses and registrants to follow these procedures in order to minimize the possibility for penalties. Licenses and registrants surely will need to review this guidance and incorporate it into their information security programs. O
Related Questions
- Contracting Officers: Our event is going to require police officers for security and traffic control. How do I contract with the police department to provide them?
- There is a Class/Event Being Offered at GRAR that Looks Interesting but Does Not Count for CE Credit. Should I Bother Taking It?
- How do I enroll in the free Triple Advantage credit monitoring offered as remediation by BNY Mellon?
