Wyoming Administrative Code
Agency 038 - Wyoming Gaming Commission
Sub-Agency 0002 - Online Sports Wagering
Chapter 6 - Sports Wagering Accounts
Section 6-19 - Personal Identifying Information (PII) Security

Universal Citation: WY Code of Rules 6-19

Current through September 21, 2024

(a) Any information obtained in respect to the sports wagering account, including PII and authentication credentials, shall be done in compliance with the privacy policies and local privacy regulations and standards observed by the Commission. Both PII and the patron funds shall be considered as critical assets for the purposes of risk assessment.

(b) No employee or agent of the sports wagering operator or sports wagering vendor shall divulge any PII related to a sports wagering account, the placing of any wager or any other sensitive information related to the operation of the sports wagering system without the consent of the patron, except as required by this section, the Commission, and as otherwise required by state or federal law. This includes, but is not limited to:

(i) The amount of money credited to, debited from, or present in any particular patron's sports wagering account;

(ii) The amount of money wagered by a particular patron on any event or series of events;

(iii) The unique patron ID or username and authentication credentials that identify the patron;

(iv) The identities of particular events on which the patron is wagering or has wagered; and

(v) Unless otherwise authorized by the patron, the name, address, and other information in possession of the sports wagering operator or sports wagering vendor that would identify the patron to anyone other than the Commission, sports wagering operator or sports wagering vendor.

(c) There shall be procedures in place for the security and sharing of PII, funds in a sports wagering account and other sensitive information as required by the Commission, including, but not limited to:

(i) The designation and identification of one or more employees having primary responsibility for the design, implementation, and ongoing evaluation of such procedures and practices;

(ii) The procedures to be used to determine the nature and scope of all information collected, the locations in which such information is stored, and the storage devices on which such information may be recorded for purposes of storage or transfer;

(iii) The measures to be utilized to protect information from unauthorized access; and

(iv) The procedures to be used if a breach of data security has occurred, including required notification to the Commission.

(d) Additional requirements for PII security may be specified by the Commission through the issuance of Commission Directives.

Disclaimer: These regulations may not be the most recent version. Wyoming may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.