Can you summarize GARR Rule 80-1-3-.04?

Short Summary

Pursuant to 12 C.F.R. Part 304 and 12 CFR Part 225 banks and bank holding companies are required to notify the appropriate federal regulator no later than 36 hours after the financial institution determinates that a computer security incident, which rises to the level of a notification incident, has occurred. A computer security incident is an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits. If notification of a computer security incident is required to be provided under federal law, then a duplicate of such notification will simultaneously be submitted to the Department.

Jurisdiction

Georgia

Source

GARR Rule 80-1-3-.04 [https://reggi.cloud.regology.com/regulations/US-GARR/US-GARR_T_80_C_1_SC_3_S_04]

• Banking