Can I skip having an information security program in place in Oklahoma? What are the requirements?

To answer your question, no, you cannot skip having an information security program in place in Oklahoma. According to OKAC 365:35-3-3, each licensee is required to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities.

Furthermore, the objectives of the information security program, as stated in OKAC 365:35-3-4, are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer.

Therefore, it is mandatory for licensees to have an information security program in place that meets the requirements outlined in the Oklahoma Administrative Code.

Jurisdiction

Oklahoma

• Privacy