Can I skip having an information security program in place in New Hampshire? What are the requirements?

Information Security Program Requirements in New Hampshire

In New Hampshire, every licensee is required to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information ^[1.5]. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities ^[1.5].

The objectives of the information security program are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer ^[1.6].

Therefore, it is not possible to skip having an information security program in place in New Hampshire if you are a licensee.

Source(s):

• [1.5] Information Security Program
• [1.6] Objectives of Information Security Program

Jurisdiction

New Hampshire

• Privacy