Section 533.331 - Data breach - duty to notify1. In accordance with 12 C.F.R. pt. 748, Appendix B, a state credit union shall maintain an information security response program that includes procedures for notifying the credit union division as soon as possible after the credit union becomes aware of an incident involving unauthorized access to or use of sensitive member information that would permit access to the member's account, as further detailed in 12 C.F.R. pt. 748.2. State credit unions that experience an information security breach may be subject to chapter 715C.Added by 2016 Iowa, SF 2279,s 7, eff. 7/1/2016.