Sec. 16. (a) A licensee shall develop, implement, and maintain a comprehensive, written information security program that: (1) is based on the risk assessment required under section 17 of this chapter; and (2) contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensee's information systems. (b) An information security program must accomplish the following: (1) Protect the security and confidentiality of nonpublic information and information systems. (2) Protect against any threats or hazards to the security or integrity of nonpublic information and information systems. (3) Protect against unauthorized access to or use of nonpublic information and minimize the likelihood of harm to a consumer. (4) Define and periodically reevaluate a schedule for retention of nonpublic information and a procedure for its destruction when no longer needed.
‹ Prev All Indiana sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.