The following words and terms, when used in this subchapter, shall have the following meanings unless the context clearly indicates otherwise:
"Access" means the ability to create, read, modify, and/or delete controlled data.
"Authorized user" means a current employee of the casino licensee, affiliate, or vendor, which has been approved by the casino licensee's Information Technology (IT) Department to access a controlled computer system.
"Computer access" or "logical access" means any access to controlled data or software.
"Computer security" means the physical and logical controls that are used to prevent unauthorized access to controlled hardware, software, and data.
"Confidential data" means any data that is collected by the casino licensee that is not in the public domain.
"Controlled computer system" means all hardware and software used to protect, generate, or store controlled data.
"Controlled data" means any casino related record, other than marketing data, that is required by the Casino Control Act and the Division rules.
"Controlled hardware" means any device that is used by a controlled computer system.
"Controlled software" means any software, other than marketing applications, that can be used to create or alter controlled data.
"Critical computer system" means all hardware and software used to protect, generate, or store critical data.
"Critical data" is a subset of controlled data and means any record that is used in the calculation of gross gaming revenue and does not include marketing data.
"Critical hardware" means any device that is used to store critical data.
"Critical location" means any physical location used to house critical hardware and software.
"Critical software" means any program that can be used to create or alter critical data.
"Disaster recovery plan" means written procedures, including assigned roles and responsibilities, designed to restore all or part of a casino licensee's controlled computer system capabilities in the event that the system is rendered unusable by a disaster.
"Division best practice" means a course of action recommended by the Division. When Division best practice is not used, the casino licensee shall document in its internal controls, the course of action to be taken. Such internal controls shall be approved by the casino licensee's Director of IT Division best practices shall be considered a safe harbor such that a licensee that implements the Division best practice shall not be subject to sanctions if the regulation for which the Division best practice set forth is breached.
"Firewall" means dedicated computer hardware, software, and related device security policies, which are controlled by the casino licensee's IT department to effectively protect a controlled computer system, its software, and data from unauthorized access.
"Personal patron data" means any non-public patron information collected by the casino licensee, including date of birth, social security number, credit card numbers, bank account information, and driver's license number.
"Qualified affiliate" is a holding, intermediary or subsidiary company of a casino licensee that has been found qualified in conjunction with such licensee's casino license.
"Release Notes" means documents which describe and provide the reason for changes made to components, configurable options, settings, or versions of a critical computer system.
"Remote access" means connectivity to a controlled computer system from a location outside of the casino licensee's casino facility.
"System integrity" means the validity of controlled data and the controls used to minimize human error, hardware malfunctions, transmission errors, software errors, infiltration of unwanted software (malware, virus, etc), and disasters.
N.J. Admin. Code § 13:69D-2.1