Natural Person Notification

Natural Person Notification - For particular types of breaches, Alloya may need to notify member credit unions. If natural-person member data was breached, the Computer Security Incident Response Team (CSIRT) must consult with legal counsel on the notifications required by law, which vary by state. Generally, if the natural-person member data breach occurred at the credit union (e.g., a compromised workstation) then the credit union would be responsible for notifying the individuals. If the natural-person member data breach occurred at Alloya (e.g., a database server was breached), then Alloya would work with the credit unions to notify the individuals.