Compilation of Rules and Regulations of the State of Georgia
Department 80 - RULES OF DEPARTMENT OF BANKING AND FINANCE
Chapter 80-1 - BANKS
Subject 80-1-3 - BOOKS AND RECORDS
Rule 80-1-3-.04 - Notification of Computer Security Incident
Pursuant to 12 C.F.R. Part 304 and 12 CFR Part 225 banks and bank holding companies are required to notify the appropriate federal regulator no later than 36 hours after the financial institution determinates that a computer security incident, which rises to the level of a notification incident, has occurred. A computer security incident is an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits. If notification of a computer security incident is required to be provided under federal law, then a duplicate of such notification will simultaneously be submitted to the Department.
O.C.G.A. § 7-1-61.