|
ACH Data
Breach Notification Requirements
NACHA's Interim Policy
("Interim Policy") on ACH Data Breach
Notification Requirements, identifies
the policy's requirements for
Originating Depository Financial
Institutions ("ODFIs"), and provides
guidance to Receiving Depository
Financial Institutions ("RDFIs").
The Interim Policy
contains two major features, which are
described in more detail in the links
provided:
-
An ODFI is
required to notify NACHA of a breach
of consumer-level ACH data;
-
An ODFI is
required to make information about
such a breach available to affected
RDFIs.
NACHA strongly
encourages all RDFIs to ensure that they
can receive or access electronic
communications from their ACH
Operator(s), so that they can be
notified in the event that they are
affected by a reported breach of ACH
data.
The Interim Policy is effective on
September 28, 2007 until replaced or
superseded by changes to the NACHA
Operating Rules ("Rules"). The policy is
a statement of NACHA's expectation that
ODFIs and their Originators and Third
Parties will have appropriate procedures
in place to prevent, detect, and
investigate ACH data breach events, to
report such events to NACHA, and to make
information about such events available
to affected RDFIs.
NACHA Contacts
for ACH Data Breach Notification:
|
