Current through the 2024 Legislative Session
Section 431:3B-304 - Notice regarding cybersecurity events of third-party service providers(a) In the case of a cybersecurity event impacting a licensee's nonpublic information in a system maintained by a third-party service provider, of which the licensee has become aware, the licensee shall treat the event as it would under section 431:3B-302 unless the third-party service provider provides the notice required under section 431:3B-302.(b) The computation of the licensee's deadlines shall begin on the day after the third-party service provider notifies the licensee of the cybersecurity event or the licensee otherwise has actual knowledge of the cybersecurity event, whichever is sooner.(c) Nothing in this article shall prevent or abrogate an agreement between a licensee and another licensee, a third-party service provider, or any other party to fulfill any of the investigation requirements imposed under section 431:3B-301 or notice requirements imposed under this part.Added by L 2021, c 112,§ 2, eff. 7/1/2021.