Doug Olenick reports:
The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events.
The proposed regulation, the Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was posted to the Federal Register on Jan. 12, and the deadline for comments was Wednesday.
Read more on BankInfoSecurity.