Bill > H5415

This bill establishes comprehensive cybersecurity standards for financial institutions licensed under Chapter 14 of Title 19, requiring them to develop and maintain robust information security programs. The bill mandates that licensees create a written security program with administrative, technical, and physical safeguards tailored to their size, complexity, and the sensitivity of customer information. Key requirements include designating a qualified individual to oversee the security program, conducting periodic risk assessments, implementing access controls, encrypting customer data, using multi-factor authentication, developing secure application practices, and creating an incident response plan. Licensees must also regularly test their security systems, provide employee security training, monitor service providers, and establish business continuity plans. Additionally, the bill requires licensees to notify the director within three business days of a significant security event that could materially harm consumers or the institution's operations, providing detailed information about the breach, including the type of information involved, estimated number of affected consumers, and remediation efforts. Notably, the requirements do not apply to regulated financial institutions already subject to federal banking regulations. The bill aims to protect customer information's security, confidentiality, and integrity in an increasingly digital financial landscape.

Business and Industry

https://status.rilegislature.gov/