Information Security Resources

The Washington State Department of Financial Institutions Division of Consumer Services is concerned with the security of consumer information.

Not maintaining confidentiality, integrity, and availability of information can result in direct harm to consumers and operational and reputational risk for companies.

Ransomware Self Assessment Tool

This ready-to-use ransomware tool will allow your company leadership to assess the organization’s efforts to control and mitigate risks associated with the threat of ransomware and to identify gaps in your security. Use of this tool is voluntary unless otherwise dictated.

Ransomware Self Assessment Tool

Resources

The following are resources regarding information security:

• Resource List
• Questions and Scenarios to Consider
• Information Security Topics
• Most Likely Suspects
• Protect These Records

Washington Administrative Code

The following Washington Administrative Code relate to information security:

Consumer Loan Companies

• WAC 208-620-490 (5) - What are my reporting responsibilities when something of significance happens to my business?
• WAC 208-620-531 - Must I have a business resumption plan?
• WAC 208-620-532 - Records disposal.
• WAC 208-620-571 - Information security program required by the federal Safeguards Rule implementing the Gramm-Leach-Bliley Act
• WAC 208-620-572 - Consumer financial information privacy under the Gramm-Leach-Bliley Act (GLBA) and Regulation P
• WAC 208-620-573 - Notice to consumers of data breach

Mortgage Brokers

• WAC 208-660-400 (2)(e) - Reporting requirements and notices to the department
• WAC 208-660-460 - Information security program required by the federal Safeguards Rule implementing the Gramm-Leach-Bliley Act
• WAC 208-660-470 - Consumer financial information privacy under the Gramm-Leach-Bliley Act (GLBA) and Regulation P
• WAC 208-660-480 - Notice to consumers of data breach
• WAC 208-660-490 - Business resumption plan

Money Service Providers

• WAC 208-690-110 (10) - Report of material change
• WAC 208-690-240 – Cyber security program
• WAC 208-690-250 - Information security program required by the federal Safeguards Rule implementing the Gramm-Leach-Bliley Act (GLBA)
• WAC 208-690-260 - Consumer financial information privacy under the Gramm-Leach-Bliley Act (GLBA) and Regulation P
• WAC 208-690-270 – Notice to consumers of data breach
• WAC 208-690-280 – Business resumption plan

Escrow Agents

• WAC 208-680-532 - Information security program required by the federal Safeguards Rule implementing the Gramm-Leach-Bliley Act
• WAC 208-680-534 - Consumer financial information privacy under the Gramm-Leach-Bliley Act (GLBA) and Regulation P
• WAC 208-680-536 - Notice to consumers of data breach
• WAC 208-680-538 - Business resumption plan
• WAC 208-680-265 (4)(i) - Reporting significant events