Current through Register Vol. 63, No. 9, September 1, 2024
(1) OAR 836-081-0101 to 836-081-0126 are adopted by the Director of the
Department of Consumer and Business Services under the authority of ORS 731.244
for the purpose of implementing:
(a) ORS 746.240, relating to trade practices found by the Director to be an
unfair or deceptive act or practice in the transaction of insurance that is
injurious to the insurance-buying public; and
(b) ORS 746.670, relating to the Director's authority to examine and
investigate into the affairs of an insurer, agent or insurance support
organization in order to determine whether any of those entities is violating
or has violated any provision of ORS 746.600 to 746.690, governing the use and
disclosure of insurance information.
(2) OAR 836-081-0101 to 836-081-0126 establish standards for developing and
implementing administrative, technical and physical safeguards to protect the
security, confidentiality and integrity of customer information, pursuant to
Sections 501, 505(b), and 507 of the Gramm-Leach-Bliley Act, codified at
15 U.S.C. 6801, 6805(b) and 6807, as follows:
(a) Section 501(a) provides that it is the policy of the Congress that each
financial institution has an affirmative and continuing obligation to respect
the privacy of its customers and to protect the security and confidentiality of
those customers' nonpublic personal information. Section 501(b) requires the
state insurance regulatory authorities to establish appropriate standards
relating to administrative, technical and physical safeguards:
(A) To ensure the security and confidentiality of customer records and
information;
(B) To protect against any anticipated threats or hazards to the security or
integrity of such records; and
(C) To protect against unauthorized access to or use of records or information
that could result in substantial harm or inconvenience to a customer.
(b) Section 503(a)(3) requires each financial institution to develop policies
for protecting the nonpublic personal information of consumers, and to make
those policies available in written form.
(c) Section 505(b)(2) calls on state insurance regulatory authorities to
implement the standards prescribed under Section 501(b) by regulation with
respect to persons engaged in providing insurance.
(d) Section 507 provides, among other things, that a state regulation may
afford persons greater privacy protections than those provided by subtitle A of
Title V of the Gramm-Leach-Bliley Act. The safeguards established pursuant to
OAR 836-081-0101 to 836-081-0126 apply to nonpublic personal information,
including financial information and health information.
(3) Each licensee shall establish and implement an information security
program, including appropriate policies and systems pursuant to OAR
836-081-0101 to 836-081-0126.
Publications: Publications referenced are available from the agency.
Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240 & 746.670