The licensee or third-party service provider designated to act on behalf of the licensee shall perform or oversee reasonable measures to restore the security of the information systems compromised in the cybersecurity event to prevent further unauthorized acquisition, release, or use of nonpublic information in the licensee's possession, custody, or control.
HRS § 431:3B-301