(1) The purpose of these rules is to establish standards for developing and implementing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of an individual's personal information requiring protection pursuant to the provisions of the Montana Insurance Information and Privacy Protection Act, Title 33, chapter 19, MCA (2001) (Privacy Act), as required by the Gramm-Leach-Bliley Act (GLBA), codified at 15 USC 6801, 6805(b) and 6807.
(2) Section 501(a) of GLBA provides that it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those "customers' nonpublic personal information." Section 501(b) of GLBA requires the state insurance regulatory authorities to establish appropriate standards relating to administrative, technical and physical safeguards:
(a) to ensure the security and confidentiality of "customer" records and information;
(b) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(c) to protect against unauthorized access to or use of records or information that could result in substantial harm or inconvenience to a "customer."
(3) Section 505(b)(2) of GLBA calls on state insurance regulatory authorities to implement the standards prescribed under Section 501(b) by regulation (or rule) with respect to persons engaged in providing insurance.
(4) Section 507 of GLBA provides, among other things, that a state regulation may afford persons greater privacy protections than those provided by subtitle A of Title V of GLBA. The safeguards established pursuant to these rules shall apply to all personal information of individuals requiring protection pursuant to the provisions of the Privacy Act.