Statutes, codes, and regulations
Oregon Administrative Code
Chapter 836 - DEPARTMENT OF CONSUMER AND BUSINESS SERVICES, INSURANCE REGULATION
Division 81 - TRADE PRACTICES - GENERAL PROVISIONS
Section 836-081-0111 - Information Security Program

Or. Admin. Code § 836-081-0111

Download
PDF
Current through Register Vol. 63, No. 12, December 1, 2024
Section 836-081-0111 - Information Security Program
(1) Each licensee shall implement a comprehensive written information security program that includes administrative, technical and physical safeguards for the protection of customer information. The administrative, technical and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities.
(2) If a licensee is domiciled in another jurisdiction or subject to the primary jurisdiction of a different functional regulator, and the statutes and rules administered by its domiciliary regulator or primary functional regulator establish standards for protecting the security of consumer information that are substantially similar to those established by OAR 836-081-0101 to 836-081-0126, then good faith compliance with those standards to the satisfaction of the licensee's primary regulator shall constitute compliance with OAR 836-081-0101 to 836-081-0126.

Or. Admin. Code § 836-081-0111

ID 2-2003, f. & cert. ef. 3-17-03

Stat. Auth.: ORS 731.244

Stats. Implemented: ORS 746.240, ORS 746.670