(a) In the case of a cybersecurity event impacting a licensee’s nonpublic information in a system maintained by a third-party service provider, of which the licensee has become aware, the licensee shall treat the event as it would under § 431:3B-302 unless the third-party service provider provides the notice required under § 431:3B-302.
lawyer at desk

Ask an insurance law question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

Terms Used In Hawaii Revised Statutes 431:3B-304

  • Cybersecurity event: means an event resulting in unauthorized access to, or disruption or misuse of, an information system or nonpublic information stored on that information system. See Hawaii Revised Statutes 431:3B-101
  • Third-party service provider: means a person, not otherwise defined as a licensee, that contracts with a licensee to maintain, process, store, or otherwise is permitted access to nonpublic information through its provision of services to the licensee. See Hawaii Revised Statutes 431:3B-101
(b) The computation of the licensee’s deadlines shall begin on the day after the third-party service provider notifies the licensee of the cybersecurity event or the licensee otherwise has actual knowledge of the cybersecurity event, whichever is sooner.
(c) Nothing in this article shall prevent or abrogate an agreement between a licensee and another licensee, a third-party service provider, or any other party to fulfill any of the investigation requirements imposed under § 431:3B-301 or notice requirements imposed under this part.

  Previous
Next  
 Part III Contents