02-031-980 Me. Code R. § 1

Current through 2024-18, May 1, 2024
Section 031-980-1 - Authority and Purpose

The Superintendent has adopted this Rule, pursuant to 24-A M.R.S.A. §§ 212 and 2220 and 15 U.S.C. §§ 6801(b) and 6805(b)(2), to establish standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

A. Subsection 501(a) of the Gramm-Leach-Bliley Act, codified at 15 U.S.C. § 6801(a), provides that it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. Subsection 501(b), codified at 15 U.S.C. § 6801(b), requires the state insurance regulatory authorities to establish appropriate standards relating to administrative, technical, and physical safeguards:
(1) to ensure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of records or information that could result in substantial harm or inconvenience to a customer.
B. Paragraph 505(b)(2) of the Gramm-Leach-Bliley Act, codified at 15 U.S.C. § 6805(b)(2), calls on state insurance regulatory authorities to implement the standards prescribed under Section 501(b) by regulation with respect to persons engaged in providing insurance.
C. Section 507 of the Gramm-Leach-Bliley Act, codified at 15 U.S.C. § 6807, provides, among other things, that a state regulation may afford persons greater privacy protections than those provided by subtitle A of Title V of the Gramm-Leach-Bliley Act. The safeguards established pursuant to this Rule apply to all nonpublic personal information protected by either the Gramm-Leach-Bliley Act or the Maine Insurance Information and Privacy Protection Act, including health information as well as financial information.

02-031 C.M.R. ch. 980, § 1