38.2-613.2 - Information security program.
§ 38.2-613.2. Information security program.
A. Each insurance institution, agent, and insurance-support organizationshall implement a comprehensive written information security program thatincludes administrative, technical, and physical safeguards for theprotection of policyholder information. The administrative, technical, andphysical safeguards included in the information security program shall beappropriate to the size and complexity of the insurance institution, agent,or insurance-support organization and the nature and scope of its activities.
B. The information security program shall be designed to:
1. Ensure the security and confidentiality of policyholder information;
2. Protect against any anticipated threats or hazards to the security orintegrity of the information; and
3. Protect against unauthorized access to or use of the information thatcould result in substantial harm or inconvenience to any policyholder.
(2003, c. 729.)