US Lawyer Database

843-966-9603

Menu
Claim your profile

For Lawyer-Seekers

YOU DESERVE THE BEST LAWYER

Claim your profile

For Lawyer-Seekers

Menu

843-966-9603

US Law

Home » US Law » 2022 New Hampshire Revised Statutes » Title XXXVII - Insurance » Title 420-P - Insurance Data Security Law

US Law

Section 420-P:1 – Title.

    420-P:1 Title. – This chapter shall be known and may be cited as the "Insurance Data Security Law." Source. 2019, 309:1, eff. Jan. 1, 2020.

Section 420-P:10 – Safe Harbor for HIPAA Compliance.

    420-P:10 Safe Harbor for HIPAA Compliance. – A licensee that is in possession of protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and that has established and maintains programs and procedures regarding information privacy, security, and breach notification that are prescribed by HIPAA and by Parts 160 […]

Section 420-P:11 – Safe Harbor for New York Regulatory Compliance.

    420-P:11 Safe Harbor for New York Regulatory Compliance. – A licensee that is in compliance with N.Y. Comp. Codes R. _&_ Regs. Title 23, section 500, Cybersecurity Requirements for Financial Services Companies, effective March 1, 2017, shall be considered to meet the requirements of this chapter, provided that the licensee submits a written statement […]

Section 420-P:12 – Penalties.

    420-P:12 Penalties. – A licensee which violates this chapter may be penalized in accordance with RSA 400-A:15, III. Source. 2019, 309:1, eff. Jan. 1, 2020.

Section 420-P:13 – Rulemaking.

    420-P:13 Rulemaking. – The commissioner may adopt rules pursuant to RSA 541-A as necessary to carry out the provisions of this chapter. Source. 2019, 309:1, eff. Jan. 1, 2020.

Section 420-P:14 – Severability.

    420-P:14 Severability. – If any provision of this chapter, or the application thereof to any person or circumstance is held invalid, such invalidity shall not affect other provisions or applications of this chapter which can be given effect without the invalid provision or application, and to this end the provisions of the chapter are […]

Section 420-P:2 – Purpose and Scope.

    420-P:2 Purpose and Scope. – I. This chapter establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event, as defined in RSA 420-P:3, IV, and notification to the commissioner. II. This chapter shall not be construed to create or imply a private cause of action for violation […]

Section 420-P:3 – Definitions.

    420-P:3 Definitions. – In this chapter: I. " Authorized individual " means an individual known to and screened by the licensee and determined to be necessary and appropriate to have access to the nonpublic information held by the licensee and its information systems. II. " Commissioner " means the insurance commissioner. III. " Consumer […]

Section 420-P:4 – Information Security Program.

    420-P:4 Information Security Program. – I. Implementation of the program shall be commensurate with the size and complexity of the licensee, the nature and scope of the licensee’s activities, including its use of third-party service providers, and the sensitivity of the nonpublic information used by the licensee or in the licensee’s possession, custody, or […]

Section 420-P:5 – Investigation of a Cybersecurity Event.

    420-P:5 Investigation of a Cybersecurity Event. – I. If the licensee learns that a cybersecurity event has or may have occurred, the licensee or an outside vendor and/or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation. II. During the investigation, the licensee, or an outside vendor and/or […]

Section 420-P:6 – Notification of a Cybersecurity Event.

    420-P:6 Notification of a Cybersecurity Event. – I. Each licensee shall notify the commissioner within 3 business days of a determination that a cybersecurity event has occurred when either of the following criteria has been met: (a) New Hampshire is the licensee’s state of domicile, in the case of an insurer, or this state […]

Section 420-P:7 – Power of Commissioner.

    420-P:7 Power of Commissioner. – I. The commissioner shall have power to examine and investigate the affairs of any licensee to determine whether the licensee has been or is engaged in any conduct in violation of this chapter. This power is in addition to the powers which the commissioner has under RSA 400-A:16 and […]

Section 420-P:8 – Confidentiality.

    420-P:8 Confidentiality. – I. Any documents, materials, or other information in the control or possession of the department that are furnished by a licensee or an employee or agent thereof acting on behalf of licensee pursuant to RSA 420-P:4, IX, RSA 420-P:6, II(b), (c), (d), (e), (h), (j), and (k), or that are obtained […]

Section 420-P:9 – Exceptions.

    420-P:9 Exceptions. – I. The following exceptions shall apply to this chapter: (a) A licensee with fewer than 20 employees, including any independent contractors, shall be exempt from RSA 420-P:4. (b) An employee, agent, representative, or designee of a licensee, who is also a licensee, shall be exempt from RSA 420-P:4 and need not […]