Last month, the CEO of BNY Mellon told the American Banker that his bank's greatest single concern is cybersecurity. We live in an era where a security breach can be devastating to a variety of businesses, whether through a direct loss of funds, civil liability, or massive reputational harm to a brand.
Some of the fastest-developing topics I encounter in my law practice involve security breaches, unauthorized transactions, and corporate account takeovers. Several weeks ago, I addressed the legal aspects of these issues in a presentation delivered at the North Carolina Bankers Association's Security Summit. Some of the questions addressed in the presentation included the following:
- What obligations under federal and North Carolina law do businesses have when there has been a security breach involving customer information?
- At what point does an incident involving customer information rise to the level of a "security breach" for which the applicable laws require specific responses?
- Who must bear the loss when there is an unauthorized transfer of funds in a consumer's bank account?
- If a company's bank account is compromised (hacked) in a "corporate account takeover" and funds are transferred from the account without authorization, is the bank required to refund the company's money?
The importance of these issues continues to grow, and I intend to speak and write more about these and related topics in the coming days.
[*As with all of the information I post here on the blog, this is shared for general educational purposes only, and does not constitute legal advice. I will not be updating this information as the law develops, and I reserve the right to change my position on any issue addressed in these materials in the future.]