Can you summarize GARR Rule 80-12-7-.04?

Short Summary

This legal document, part of the Rules and Regulations of the State of Georgia, pertains to Merchant Acquirer Limited Purpose Banks (MALPB) and their obligations regarding data breach insurance coverage. MALPBs are required to obtain insurance coverage that protects against the release of nonpublic confidential information under their care, custody, or control to an unauthorized environment or similar actions. The coverage must not be canceled, not renewed, or allowed to lapse without at least 60 days prior written notice to the Department of Banking and Finance. The insurance coverage must be obtained from a licensed insurance company with a minimum A.M. Best Company rating of A: VII. The amount of coverage, initially and subsequently, must be approved by the Department. MALPBs must provide a written justification to the Department, detailing the safeguards and protections employed to mitigate data release risks, including potential exposures under various stress scenarios. The justification should also evaluate the potential costs of a breach, such as forensic costs, legal fees, liabilities, notification requirements, and business impact. A certificate of insurance or similar documentation must be provided to the Department before engaging in any merchant acquiring activities.

Whom does it apply to?

Merchant Acquirer Limited Purpose Banks (MALPB), including their agents, independent contractors, employees of eligible organizations, support organizations, holding companies, and affiliates

What does it govern?

Data breach insurance coverage

What are exemptions?

No exemptions are mentioned.

What are the Penalties?

Not specified.

Jurisdiction

Georgia

Source

GARR Rule 80-12-7-.04 [https://reggi.cloud.regology.com/regulations/US-GARR/US-GARR_T_80_C_12_SC_7_S_04]

• Banking