§ 83-5-817. Exemptions
The following exceptions shall apply to this article: A licensee meeting any of the following criteria is exempt from Sections 83-5-807, 83-5-809(3) and 83-5-811(4)(a) and (b) of this article: Fewer than fifty (50) employees, excluding any independent contractors; Less than Five Million Dollars ($5,000,000.00) in gross annual revenue; Less than Ten Million Dollars ($10,000,000.00) in […]
§ 83-5-821. Regulations
The commissioner may issue such regulations as shall be necessary to carry out the provisions of this article.
§ 83-5-823. Severability
If any provisions of this article or the application thereof to any person or circumstance is for any reason held to be invalid, the remainder of the article and the application of such provision to other persons or circumstances shall not be affected thereby.
§ 83-5-825. Implementation of Section 83-5-807 and Section 83-5-807(6)
Licensees shall have one (1) year from July 1, 2019, to implement Section 83-5-807 and two (2) years from July 1, 2019 to implement Section 83-5-807(6).
§ 83-5-815. Protection of documents, materials and other information
Any documents, materials or other information in the control or possession of the department that are furnished by a licensee or an employee or agent thereof acting on behalf of a licensee pursuant to Section 83-5-807(9), Section 83-5-811(2)(b), (c), (d), (e), (h), (j) and (k) of this act, or that are obtained by the commissioner […]
§ 83-5-819. Penalties for violation of article
In the case of a violation of this article, a licensee may be penalized in accordance with Section 83-5-85.
§ 83-5-801. Short title
This article shall be known and may be cited as the “Insurance Data Security Law.”
§ 83-5-803. Article establishes exclusive state standards for data security, investigation of cybersecurity event, and notification to Commissioner of Insurance
Notwithstanding any other provision of law, this article establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event as defined in Section 83-5-805, and notification to the Commissioner of Insurance. This article may not be construed to create or imply a private cause of action for violation of […]
§ 83-5-805 Definitions.
As used in this article, the following terms shall have the following meanings: “Authorized individual” means an individual known to and screened by the licensee and determined to be necessary and appropriate to have access to the nonpublic information held by the licensee and its information systems. “Commissioner” means the Commissioner of Insurance. “Consumer” means […]
§ 83-5-807. Development, implementation and maintenance of information security program
Commensurate with the size and complexity of the licensee, the nature and scope of the licensee’s activities, including its use of third-party service providers, and the sensitivity of the nonpublic information used by the licensee or in the licensee’s possession, custody or control, each licensee shall develop, implement, and maintain a comprehensive written information security […]