A covered entity shall:
- (a) Set forth standards for developing, implementing and maintaining reasonable safeguards to protect the security, confidentiality and integrity of customer information pursuant to 16 C.F.R. § 314, as in effect on July 1, 2023;
- (b) develop and organize its information security program into one or more readily accessible parts; and
- (c) maintain its information security program as part of the covered entity's books and records in accordance with the record retention requirements of such covered entity.
L. 2023, ch. 54, § 3; April 27.