It’s been a long week, and it’s only Wednesday.  Bryan is due back from a well-deserved vacation, and I just know he’s going to ask for my next Dan’s New Leaf article.  Once again, I’m struggling again to come up with a topic.    I need to remember to ask a few Clients what they want me to write about.   In the background I hear the TV playing in the other room of my Study Barn.  Then I hear the words, “state law.”

When there is an incident at a community bank, one of the first steps after containment is to determine, through a well-designed process, if customers need to be notified, for their own protection.  While most banks are keen to notify customers based on safety, they still need to keep their eyes on two sets of laws – the federal law, and state laws.  Fortunately for banks, the federal government has spelled out a rather detailed process for responding to incidents.  But during an incident, banks also need to check the state laws covering all of the customers in their database.  It can be a daunting task to complete, given that most banks have customers from many states, especially when we’re all in a panic.

Sometimes we can offload this to our attorneys, but a lot of times we want to know what the laws are before hearing back from the attorneys.   Meanwhile, there needs to be a check of state law when we’re practicing response during our incident response exercises.

— Here’s where I get proud. —

If you go to our running library of state law links, a rundown of the 50 state-laws that banks may need to check during an incident, you will see how much our team wants to make information readily available to our Clients.   This page is not easy to keep updated. 

Our current CyberPoet Recipient, Matt Jolley, has been overseeing the research since 2017.  He actually compiled the first list as a solo article, not knowing our Clients would love it and want him to update it annually!  But we take a team approach to everything, and so I’m sure that a new employee or two now has a good understanding of how to find state laws related to cybersecurity incident response.

We offer these types of educational materials and resources – not only to our Clients, but to the community at-large – all in an attempt to empower you to manage technology risk.  That’s our mission.  Actually, our mission statement, written in the year 2000 and updated in 2019, is that “We maintain a growing and stable culture by empowering organizations to manage technology risk.”

It’s great to see Matt Jolley and our entire team taking steps on a day-to-day basis that can be traced directly back to our mission.

So, feel free to visit playlists.infotex.com, or statelaws.infotex.com, or posters.infotex.com, or any of our other amazing free resources.

And enjoy!