Current through Register Vol. 50, No. 11, November 20, 2024
Section XV-1167 - Information Security Management and Data SecurityA. The operator shall implement, maintain, regularly review and revise, and comply with a comprehensive Information Security Management System (ISMS), the purpose of which shall be to take reasonable steps to protect the confidentiality, integrity, and availability of personal identifying information of individuals who place a wager with the operator, and shall contain administrative, technical, and physical safeguards appropriate to the size, complexity, nature, and scope of the operations and the sensitivity of the personal information owned, licensed, maintained, handled, or otherwise in the possession of the operator. Additional ISMS specifications may be adopted by the corporation.B. The operators shall comply with all applicable state and federal requirements for data security.C. Logging of Sports Wagering Platform Data 1. The sports wagering platform shall be designed to ensure the integrity and confidentiality of all patron communications and ensure the proper identification of the sender and receiver of all communications. If communications are performed across a public or third-party network, the system shall either encrypt the data packets or utilize a secure communications protocol to ensure the integrity and confidentiality of the transmission.2. Sports wagering platforms shall employ a mechanism capable of maintaining a separate copy of all of the information required to be logged in this section on a separate and independent logging device capable of being administered by an employee with no incompatible function. If the sports wagering platform can be configured such that any logged data is contained in a secure transaction file, a separate logging device is not required.3. The operators shall provide upon request, in a format required by the corporation, all online sports betting system data. Sports betting system data includes, but is not limited to, employee data and logs, geo-fence logs, player activity and betting information, and event logs related to the operator-us Louisiana sports wagering operations.4. Requirements for system specifications and sports wagering platform logging shall be detailed in internal controls.D. The sports wagering platform shall provide a logical means for securing individual and player data and wagering data, including accounting, reporting, significant event, or other sensitive information, against alteration, tampering, or unauthorized access.E. The operator shall describe its process for the backup and recovery of the required sports wagering platform data in its approved internal controls. Any changes to the process shall be approved by the corporation prior to the changes being implemented on the platform.La. Admin. Code tit. 42, § XV-1167
Promulgated by the Louisiana Lottery Corporation LR 471895 (12/1/2021).AUTHORITY NOTE: Promulgated in accordance with R.S. 47:9001 et seq.