Current through Register Vol. 63, No. 12, December 1, 2024
Section 836-081-0101 - Purpose, Policy, Authority and Effective Date(1) OAR 836-081-0101 to 836-081-0126 are adopted by the Director of the Department of Consumer and Business Services under the authority of ORS 731.244 for the purpose of implementing:(a) ORS 746.240, relating to trade practices found by the Director to be an unfair or deceptive act or practice in the transaction of insurance that is injurious to the insurance-buying public; and(b) ORS 746.670, relating to the Director's authority to examine and investigate into the affairs of an insurer, agent or insurance support organization in order to determine whether any of those entities is violating or has violated any provision of ORS 746.600 to 746.690, governing the use and disclosure of insurance information.(2) OAR 836-081-0101 to 836-081-0126 establish standards for developing and implementing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of customer information, pursuant to Sections 501, 505(b), and 507 of the Gramm-Leach-Bliley Act, codified at 15 U.S.C. 6801, 6805(b) and 6807, as follows: (a) Section 501(a) provides that it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. Section 501(b) requires the state insurance regulatory authorities to establish appropriate standards relating to administrative, technical and physical safeguards:(A) To ensure the security and confidentiality of customer records and information;(B) To protect against any anticipated threats or hazards to the security or integrity of such records; and(C) To protect against unauthorized access to or use of records or information that could result in substantial harm or inconvenience to a customer.(b) Section 503(a)(3) requires each financial institution to develop policies for protecting the nonpublic personal information of consumers, and to make those policies available in written form.(c) Section 505(b)(2) calls on state insurance regulatory authorities to implement the standards prescribed under Section 501(b) by regulation with respect to persons engaged in providing insurance.(d) Section 507 provides, among other things, that a state regulation may afford persons greater privacy protections than those provided by subtitle A of Title V of the Gramm-Leach-Bliley Act. The safeguards established pursuant to OAR 836-081-0101 to 836-081-0126 apply to nonpublic personal information, including financial information and health information.(3) Each licensee shall establish and implement an information security program, including appropriate policies and systems pursuant to OAR 836-081-0101 to 836-081-0126.Or. Admin. Code § 836-081-0101
ID 2-2003, f. & cert. ef. 3-17-03; ID 8-2005, f. 5-18-05, cert. ef. 8-1-05Publications: Publications referenced are available from the agency.
Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240 & 746.670