Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I skip having an information security program in place in Wyoming? What are the requirements?

Information Security Program Requirements in Wyoming

No, you cannot skip having an information security program in place in Wyoming. According to WY Stat § 40-12-502, each licensee shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities [1.1].

The objectives of the information security program are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer [1.2].

Record Requirements

In addition to the comprehensive records which persons selling innovative financial products or services must keep under W.S. 40-29-106(d), those persons must further maintain all consumer contact information, including the information required in Section 3 of these rules, all agreements, contracts and subscription records, all correspondence between the person selling the innovative financial product or service and the consumer, all financial statements and bank account records, and a copy of all advertisements the person selling the innovative financial product or service has used to market their product or service in Wyoming [3.1].

Notification Requirements in Case of a Computer Security Breach

If you become aware of a breach of the security of the system, you must conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal identifying information has been or will be misused. If the investigation determines that the misuse of personal identifying information about a Wyoming resident has occurred or is reasonably likely to occur, you must give notice as soon as possible to the affected Wyoming resident. Notice shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system [2.1].

The notification required by this section may be delayed if a law enforcement agency determines in writing that the notification may seriously impede a criminal investigation [2.1].

Security Freeze

A consumer may place a security freeze on the consumer’s credit report by making a request to a consumer reporting agency in writing by certified mail and providing proper identification. If a security freeze is in place, a consumer reporting agency may not release a consumer’s credit report or information derived from the credit report to a third party that intends to use the information to determine a consumer’s eligibility for credit or the opening of a new account without prior authorization from the consumer. A consumer reporting agency may communicate to a third party requesting a consumer’s credit report that a security freeze is in effect on the consumer’s credit report. If a third party requesting a consumer’s credit report in connection with the consumer’s application for credit is notified of the existence of a security freeze under this subsection, the third party may treat the consumer’s application as incomplete [2.2].

Conclusion

No, you cannot skip having an information security program in place in Wyoming. You must implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The objectives of the information security program are to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer. In case of a computer security breach, you must conduct a reasonable and prompt investigation to determine the likelihood that personal identifying information has been or will be misused. If the investigation determines that the misuse of personal identifying information about a Wyoming resident has occurred or is reasonably likely to occur, you must give notice as soon as possible to the affected Wyoming resident. Additionally, you must maintain all consumer contact information, agreements, contracts, subscription records, correspondence, financial statements, bank account records, and advertisements used to market innovative financial products or services in Wyoming. Finally, consumers may place a security freeze on their credit report to prevent unauthorized access to their credit information [1.1][1.2][2.1][3.1][2.2].

Source(s):
Jurisdiction

Wyoming