Current through 2024-44, October 30, 2024
Section 031-980-4 - Information Security ProgramA. Program Required. Each regulated insurance entity shall implement a written, comprehensive information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the regulated insurance entity and the nature and scope of its activities.B. Deference to Primary Regulator. If a regulated insurance entity is domiciled in another jurisdiction or subject to the primary jurisdiction of a different functional regulator, and the statutes and regulations administered by its domiciliary regulator or primary functional regulator establish standards for protecting the security of customer information which are substantially similar to those established by this Rule, then good faith compliance with those standards to the satisfaction of the regulated insurance entity's primary regulator shall constitute compliance with this Rule.02-031 C.M.R. ch. 980, § 4