Current through Register Vol. 50, No. 11, November 20, 2024
Section VI-905 - Information Security Management and Data SecurityA. The licensee shall implement, maintain, regularly review and revise, and comply with a comprehensive Information Security Management System (ISMS), the purpose of which shall be to take reasonable steps to protect the confidentiality, integrity, and availability of personal identifying information of individuals who place a wager with the licensee, and shall contain administrative, technical, and physical safeguards appropriate to the size, complexity, nature, and scope of the operations and the sensitivity of the personal information owned, licensed, maintained, handled, or otherwise in the possession of the licensee. Additional ISMS specifications may be adopted by the division or board.B. Licensees and operators shall comply with all applicable state and federal requirements for data security.C. Logging of sports wagering platform data 1. All sports wagering platforms shall be designed to ensure the integrity and confidentiality of all patron communications and ensure the proper identification of the sender and receiver of all communications. If communications are performed across a public or third-party network, the system shall either encrypt the data packets or utilize a secure communications protocol to ensure the integrity and confidentiality of the transmission.2. Sports wagering platforms shall employ a mechanism capable of maintaining a separate copy of all of the information required to be logged in this Section on a separate and independent logging device capable of being administered by an employee with no incompatible function. If the sports wagering platforms can be configured such that any logged data is contained in a secure transaction file, a separate logging device is not required.
3. Operators shall provide upon request, in a format required by the board, all online sports betting system data. Sports betting system data includes, but is not limited to, employee data and logs, geo-fence logs, player activity and betting information, and event logs related to the operator's Louisiana sports wagering operations.4. Requirements for system specifications and sports wagering platform logging shall be detailed in internal controls.D. The sports wagering platform shall provide a logical means for securing individual and player data and wagering data, including accounting, reporting, significant event, or other sensitive information, against alteration, tampering, or unauthorized access.E. The licensee shall describe its process for the backup and recovery of the required sports wagering platform data in its approved internal controls. Any changes to the process shall be approved by the division prior to the changes being implemented on the platform.La. Admin. Code tit. 42, § VI-905
Promulgated by the Department of Public Safety and Corrections, Gaming Control Board, LR 47, Promulgated by the Department of Public Safety and Corrections, Gaming Control Board, LR 4870 (1/1/2022).AUTHORITY NOTE: Promulgated in accordance with R.S. 27:15 and 24.