12 CFR § 748.0 - Security program.
(a) Each federally insured credit union will develop a written security program within 90 days of the effective date of insurance.
(b) The security program will be designed to:
(1) Protect each credit union office from robberies, burglaries, larcenies, and embezzlement;
(2) Ensure the security and confidentiality of member records, protect against the anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records that could result in substantial harm or serious inconvenience to a member;
(3) Respond to incidents of unauthorized access to or use of member information that could result in substantial harm or serious inconvenience to a member;
(4) Assist in the identification of persons who commit or attempt such actions and crimes, and
(5) Prevent destruction of vital records, as defined in 12 CFR part 749.
(c) Each Federal credit union, as part of its information security program, must properly dispose of any consumer information the Federal credit union maintains or otherwise possesses, as required under § 717.83 of this chapter.