Can you summarize VTCR 21-020-055?
INSURANCE DIVISION > REGULATION IH-2002-03 STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION
Short Summary
Regulation IH-2002-03, issued by the Department of Financial Regulation’s Insurance Division in Vermont, establishes standards for safeguarding customer information in the insurance industry. It applies to persons engaged in providing insurance and requires them to establish administrative, technical, and physical safeguards to ensure the security and confidentiality of customer records and information. The regulation aims to protect against anticipated threats or hazards to the security or integrity of customer records and unauthorized access or use of records that could harm or inconvenience customers.
It covers nonpublic personal information, including nonpublic personal financial information and nonpublic personal health information. The regulation defines various terms and provides exemptions for purchasing groups and unauthorized insurers in regard to surplus lines business. However, specific penalties for non-compliance or violation of the regulation are not mentioned.
Licensees are required to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to their size, complexity, and activities. The program should ensure the security and confidentiality of customer information, protect against anticipated threats or hazards, and protect against unauthorized access or use of information that could harm customers. Licensees are also required to identify threats, assess risks, design controls, train staff, regularly test or monitor controls, exercise due diligence in selecting service providers, and monitor and adjust the information security program as needed.
The regulation is effective 30 days from the date of adoption, and licensees are required to establish and implement an information security program by October 10, 2003.
Whom does it apply to?
Persons engaged in providing insurance
What does it govern?
Standards for developing and implementing safeguards to protect the security, confidentiality, and integrity of customer information
What are the exemptions?
Exemptions for purchasing groups and unauthorized insurers in regard to surplus lines business conducted pursuant to chapter 138 of title 8 V.S.A.
What are the penalties?
Specific penalties for non-compliance or violation of the regulation are not mentioned.
Jurisdiction
Vermont