Current through the 2024 Legislative Session
Section 431:3B-205 - Oversight of third-party service provider arrangements A licensee shall:
(1) Exercise due diligence in selecting its third-party service provider; and(2) Where appropriate, require a third-party service provider to implement appropriate administrative, technical, and physical measures to protect and secure the information systems and nonpublic information that are accessible to or held by the third-party service provider; provided that encrypted nonpublic information is not accessible to or held by the third-party service provider within the meaning of this paragraph if the third-party service provider does not possess the associated protective process or key necessary to assign meaning to the nonpublic information.Added by L 2021, c 112,§ 2, eff. 7/1/2021.