Subarticle - CHAPTER 5A. DATA SECURITY
- Section 500.550 - Private cause of action not created; exclusive standards
- Section 500.553 - Definitions
- Section 500.555 - Comprehensive written information security program; requirements; duties of licensee and board of directors; third-party service provider; incident response plan; certification of compliance
- Section 500.557 - Occurrence of cybersecurity event; investigation; maintenance of records
- Section 500.559 - Notification of cybersecurity event involving nonpublic information; duty to update and supplement notifications to director; contents; application to third-party service provider; duties of ceding insurers with direct contractual relationship
- Section 500.561 - Notice of cybersecurity event to residents of this state; conditions and requirements; duties of licensee; substitute notice; notification to certain consumer reporting agencies; exception; compliance with health insurance portability and accountability act considered compliance with section; notice with intent to defraud; misdemeanor; penalty; failure to provide notice; civil fine; aggregate liability; applicability of section; definitions
- Section 500.563 - Confidentiality; use of documents, materials, or other information; duties of director
- Section 500.565 - Exemption for certain licensees; timeline for implementation and compliance