"Time Flies! Navigating Federal Banking Regulators' 36-Hour Security Incident Notification Rule," Davis Wright Tremaine Webinar

Under new rules issued by the Federal Reserve, FDIC, and OCC, banks and their service providers must provide notice of a "computer-security incident" within 36 hours. The rule goes into effect on April 1, 2022, with full compliance extended to May 1, 2022. DWT's privacy and security and banking and financial services practice groups discuss the new rules and strategies for compliance.

Topics:

• Entities covered by the new rules
• The definition of a "computer-security incident" and instances when applying the definition might be challenging
• Strategies for analyzing a potential computer-security incident and evaluating whether the notification obligation is triggered (i.e., is a "Notification Event")
• Specific notification requirements for service providers
• How the new rules compare to other breach and incident notification requirements
• Practical considerations for incident response plans and procedures

Speakers:

• Alexandra Barrage
• Michael Borgia

(On-demand versions are not eligible for CLE credit.)