N.Y. Comp. Codes R. & Regs. tit. 11, § 421.0
(b) Section 501(a) provides that it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. Section 501(b) requires the State insurance regulatory authorities to establish appropriate standards relating to administrative, technical, and physical safeguards: