A. Each insurance institution, agent, and insurance-support organization shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of policyholder information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the insurance institution, agent, or insurance-support organization and the nature and scope of its activities.
1. Ensure the security and confidentiality of policyholder information;
2. Protect against any anticipated threats or hazards to the security or integrity of the information; and
3. Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any policyholder.
History
2003, c. 729.