Responding to a Data Breach Checklist (Financial Institutions)


Summary

This checklist outlines necessary steps for financial institutions and third-party service providers in the event of a hack or data breach. A hack or data breach occurs when sensitive, protected, or confidential information is compromised, stolen, or converted without prior authorization. As a best practice, financial institutions should develop data breach response policies and procedures as part of business continuity planning. Each of the federal bank regulatory agencies, as part of the Federal Financial Institutions Examination Council (FFIEC), issues interagency guidance on response programs for unauthorized access to customer information and customer notice. This checklist provides an overview of items highlighted in the FFIEC guidance, as well as other steps institutions should undertake when responding to a data breach.