230 R.I. Code R. 230-RICR-20-60-8.2

Current through December 3, 2024
Section 230-RICR-20-60-8.2 - Purpose and Scope
A. This Regulation establishes standards for developing and implementing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of customer information, pursuant to §§501, 505(b), and 507 of the Gramm-Leach-Bliley Act ("GLBA") at 15 U.S.C. §§ 6801, 6805(b) and 6807 (1999) as amended.
B. §501(a) of GLBA provides that it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. §501(b) requires the state insurance regulatory authorities establish appropriate standards relating to administrative, technical and physical safeguards:
1. To ensure the security and confidentiality of customer records and information;
2. To protect against any anticipated threats or hazards to the security or integrity of such records; and
3. To protect against unauthorized access to or use of records or information that could result in substantial harm or inconvenience to a customer.
C. §505(b)(2) of GLBA calls on state insurance regulatory authorities to implement the standards prescribed under §501(b) by regulation with respect to persons engaged in providing insurance.
D. §507 of GLBA provides, among other things, that a state regulation may afford persons greater privacy protections than those provided by subtitle A of Title V of GLBA. This Regulation requires that the safeguards established pursuant to this Regulation shall apply to nonpublic personal information, including nonpublic personal financial information and nonpublic personal health information.

230 R.I. Code R. 230-RICR-20-60-8.2

Amended effective 7/16/2020