LISTSERV - HP3000-L Archives

HP3000-L Archives

February 2003, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L February 2003, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	OT: OT: GLBA and service bureaus
From:	[log in to unmask]
Reply To:	[log in to unmask]
Date:	Mon, 24 Feb 2003 13:15:16 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (24 lines)

Basically, when a financial institution, such as a CU or an insurer, ftps
their print output to a service bureau's public ftp server (but with their
own account and password), does the data have to be encrypted? If not, what
obligation does either party have to ensure the security and privacy of said
data?

I'm betting that more than a few people on this list have had to answer this
question, from one side of the relationship, or another. I've spent some
time googling, and so far, have found vendor site more interested in selling
their answer than in addressing the question, or found .gov sites that are
large and time consuming. Section 314.4 Paragraph 4 & 5 look interesting,
based on the discussion I found
<http://www.ftc.gov/os/2002/05/67fr36585.pdf>. Now, I just need to find part
314 of 16 CFR, without the benefit of a hyperlink to it...

Greg Stigers
http://www.cgiusa.com
================================
The whole is more than the sum of its parts.
-- [log in to unmask]

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU