Nev. Admin. Code § 679B.8417

Current through December 31, 2024
Section 679B.8417 - Factors considered by Commissioner in determining whether program is satisfactory

To determine whether a program implemented pursuant to NAC 679B.8415 is satisfactory, the Commissioner will consider:

1. The manner in which, in order to assess risk, the licensee:
(a) Identifies reasonably foreseeable internal and external threats or hazards which could result in the unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;
(b) Assesses the likelihood and potential damage of the threats or hazards, taking into consideration the sensitivity of the customer information; and
(c) Assesses the sufficiency of policies, procedures, safeguards and customer information systems to manage and control risks.
2. Whether, in order to manage and control risk, the licensee:
(a) Designs such a program to control the identified risks, commensurate with the sensitivity of the customer information and the complexity and scope of the licensee's activities;
(b) Trains staff, as appropriate, to implement the program; and
(c) Regularly tests or monitors the key controls, systems and procedures of the program. The frequency and nature of such tests or monitoring practices must be determined by the risk assessment performed by the licensee.
3. Whether, in order to oversee arrangements with service providers, the licensee:
(a) Exercises due diligence in selecting service providers;
(b) Requires service providers to implement appropriate measures designed to meet the objectives of this section; and
(c) Takes appropriate steps to confirm that service providers have satisfied the requirements imposed pursuant to paragraph (b).
4. Whether the licensee monitors, evaluates and adjusts, as appropriate, such a program considering:
(a) Relevant changes in technology;
(b) Changes in customer information systems;
(c) The sensitivity of customer information;
(d) Internal and external threats or hazards to the customer information; and
(e) Changes in the business arrangements of the licensee, including, without limitation, mergers, acquisitions, alliances, joint ventures and outsourcing arrangements.
5. Any other information which the Commissioner deems relevant to the determination.

Added to NAC by Comm'r of Insurance by R125-18, eff. 10/25/2018

NRS 679B.130, 679B.137, 686A.025