As we close out Cybersecurity Awareness Month, a reminder about reporting requirements should you experience a data breach.
Licensees are required to report all data breaches to the Department, regardless of the size of the breach.
Currently, there is not a way to report a breach through NMLS, so you must notify the Department directly. Data breach reports should be emailed to csenforcecomplaints@dfi.wa.gov
Licensees may also need to report the breach to the Washington State Attorney General’s Office. You can learn more about their requirements on their Attorney General Data Breach Notifications page.
To help licensees protect consumer information, the Department has an Information Security Resource page. In addition to resources, the page also includes a ransomware self-assessment tool for banks that has been adapted for nonbank institutions by CSBS. Applicable Washington Administrative Codes (WAC) related to information security requirements for each license type are also listed on that page.