The Office of General Counsel issued the following informal opinion on July 25, 2002, representing the position of the New York State Insurance Department.

Re: Filing requirements of Regulation 173

Question Presented:

Is there a requirement to file with the Superintendent the written information security program required by N.Y. Comp. Codes R. & Regs. tit. 11 § 421(2001) (Reg. 173)?

Conclusion:

There is no requirement to file with the Superintendent the written information security program required by N.Y. Comp. Codes R. & Regs. tit. 11 § 421(2001) (Reg. 173).

Facts:

No facts were provided.

Analysis:

N.Y. Comp. Codes R. & Regs. tit. 11 § 421.2 (2001) (Reg. 173) requires all licensees, as defined in N.Y. Comp. Codes R. & Regs. tit. 11 § 420.3(p)(1) (2001) to implement a comprehensive written information security program for the protection of customer information. The limited exceptions to this general rule are listed in N.Y. Comp. Codes R. & Regs. tit. 11 § 421.1(d) (2001) (Reg. 173). While there is no requirement to file with the Superintendent the written information security program required by N.Y. Comp. Codes R. & Regs. tit. 11 § 421(2001) (Reg. 173), such program must be available for review upon demand by representatives of the New York State Insurance Department.

For further information you may contact Senior Attorney Susan A. Dess at the New York City Office.