Credit unions are constantly entering into agreements withthird-party vendors ranging in criticality from vendors thatimplement a new core processor to vendors that provide custodialservices. Regardless of the vendor, credit unions have a regulatoryobligation to protect confidential member information. Thisregulatory obligation has come under increased scrutiny by the NCUAconsidering the ever-present threat of cybersecurity data breaches.Therefore, in addition to credit unions' regulatory obligation tomaintain the security and confidentiality of member information, itis also imperative for credit unions to address the data breachthreat by ensuring there are adequate protections incorporated intotheir vendor agreements to avoid potential liability resulting fromunauthorized access or use of their confidential information.
Despite the fact that each third-party vendor agreement includesdifferent contractual terms, credit unions should make sure thatthe following five provisions are addressed in some capacity.First, the agreement must state what information the partiesconsider to be “confidential.” If member information will be sharedwith the vendor, member information should be explicitly listed asthe confidential information of the credit union. It must also beclearly stated that any and all confidential information of thecredit union is and will continue to be the exclusive property ofthe credit union.
Next, the agreement must state, in detail, how the creditunion's confidential information will be protected. The vendorshould agree to keep confidential information disclosed by thecredit union under the agreement confidential. The vendor shouldalso agree to only use the credit union's confidential informationin accordance with the agreement and to only disclose suchinformation to those who need to perform the vendor's serviceobligations under the agreement. The vendor must always remainresponsible for its confidentiality obligations under the agreementand must be held responsible for any breach of such obligations byany third party to which the vendor discloses the credit union'sconfidential information.
Continue Reading for Free
Register and gain access to:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts.
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders.
- Educational webcasts, white papers, and ebooks from industry thought leaders.
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com.
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
