(1) Generally, applicants and licensees must have a written program appropriate to the company's size and complexity, the activity conducted, and the sensitivity of information at issue. The program must ensure the information's security and confidentiality, protect against anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information.
(2) The information security plan must be maintained as part of your books and records.
(3) For more information access the FTC website on the Safeguards Rule at: https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying and see 16 C.F.R. 314.
[Statutory Authority: RCW
43.320.040 and
19.230.310. WSR 18-13-108, § 208-690-250, filed 6/19/18, effective 8/1/18; WSR 16-14-022, § 208-690-250, filed 6/27/16, effective 8/1/16.]