§ 38.2-613.2. Information security program
A. Each insurance institution, agent, and insurance-support organization shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of policyholder information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the insurance institution, agent, or insurance-support organization and the nature and scope of its activities.
B. The information security program shall be designed to:
1. Ensure the security and confidentiality of policyholder information;
2. Protect against any anticipated threats or hazards to the security or integrity of the information; and
3. Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any policyholder.
(2003, c. 729.)
Sections: Previous 38.2-611 38.2-612 38.2-612.1 38.2-612.2 38.2-613 38.2-613.01 38.2-613.1 38.2-613.2 38.2-614 38.2-615 38.2-616 38.2-617 38.2-618 38.2-619 38.2-620 NextLast modified: April 3, 2009