OCC issues bulletin on video conferencing and data privacy

The OCC today issued a bulletin for community banks on the legal requirements for protecting non-public OCC information in video teleconferencing services. Banks and other parties in possession of such information—such as supervisory correspondence and investigatory files—are prohibited from disclosure without the agency’s prior approval, except in very limited circumstances, according to the OCC. The agency listed several security expectations for any videoconference in which non-public OCC information will be communicated. They include using an encrypted connection, moderating the meetings, making no recordings or transcriptions, and ensuring the videoconference service is securely configured and routinely patched to protect against cyber intrusion.