Wash. Admin. Code § 208-680-532 - Information security program required by the federal Safeguards Rule implementing the Gramm-Leach-Bliley Act
(1) Generally, applicants and licensees must have a written program appropriate to the company's size and complexity, the activity conducted, and the sensitivity of information at issue. The program must ensure the information's security and confidentiality, protect against anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information.
(2) Specifically, at a minimum the program described in subsection (1) of this section must:
(a) Designate an employee or employees to coordinate the information security program;
(b) Identify and assess the risks to customer information;
(c) Design and implement information safeguards to control the risks identified in the risk assessment and regularly monitor and test the safeguards;
(d) Select service providers that can maintain appropriate safeguards and oversee their handling of customer information; and
(e) At least annually evaluate and adjust the program in light of relevant circumstances, including changes in business or operations, or the results of testing and monitoring the effectiveness of the implemented safeguards.
(3) The information security program must be maintained as part of your books and records.
(4) For more information access the FTC web site on the Safeguard Rules at: https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying and see 16 C.F.R. 314.