A. A licensee and casino operator shall:
- 1. monitor, control, and protect all communication and information transmitted or received by the casino’s computer systems at the external and internal boundaries of those systems; and
- 2. employ software development techniques, architectural designs, and systems engineering principles that promote effective information security within the casino’s information systems.
- B. To the extent possible and practical, all network communications and storage of confidential or sensitive data shall be encrypted. At a minimum, personal patron data shall be considered confidential. Personal patron data shall include, but not be limited to, any non-public patron information collected by the casino, such as date of birth, social security number, credit card number, bank account information, and driver’s license number. The importance of additional data may vary as a function of how critical that data is to the integrity of the network and/or the needs of the casino. A licensee and casino operator must assess the type of data that the network carries or stores and determine the relative sensitivity of such information. This assessment shall then serve as a guide to the types of security measures that are appropriate for the network.
Authority Note
AUTHORITY NOTE: Promulgated in accordance with R.S. 27:15 and 24.
Historical Note
HISTORICAL NOTE: Promulgated by the Department of Public Safety and Corrections, Gaming Control Board, LR 44:2017 (November 2018).