Louisiana Revised Statutes 22:2509 – Exemptions
Terms Used In Louisiana Revised Statutes 22:2509
- Assets: (1) The property comprising the estate of a deceased person, or (2) the property in a trust account.
- Information security program: means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information. See Louisiana Revised Statutes 22:2503
- Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
- Licensee: means any person licensed, authorized to operate, or registered or required to be licensed, authorized, or registered pursuant to the insurance laws of this state. See Louisiana Revised Statutes 22:2503
A. A licensee shall be exempt from the provisions of La. Rev. Stat. 22:2504 if the licensee meets any of the following criteria:
(1) Having fewer than twenty-five employees.
(2) Less than five million dollars in gross annual revenue.
(3) Less than ten million dollars in year-end total assets.
(4) Being subject to the Health Insurance Portability and Accountability Act, P.L. 104-191, 110 Stat. 1936, and doing all of the following:
(a) Establishing and maintaining an information security program pursuant to any statutes, rules, regulations, procedures, or guidelines established pursuant to the Health Insurance Portability and Accountability Act.
(b) Complying with and submitting, upon request of the commissioner, a written statement certifying compliance with the information security program established and maintained pursuant to Subparagraph (a) of this Paragraph.
(5) Being an employee, agent, representative, or designee of a licensee, who is also a licensee, to the extent that the employee, agent, representative, or designee is covered by the information security program of the other licensee.
(6) Being affiliated with a depository institution subject to the Interagency Guidelines Establishing Information Security Standards pursuant to the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801 and 6805, and doing all of the following:
(a) Establishing and maintaining an information security program pursuant to any statutes, rules, regulations, procedures, or guidelines established pursuant to the Gramm-Leach-Bliley Act.
(b) Complying with and submitting, upon request of the commissioner, a written statement certifying compliance with the information security program established and maintained pursuant to Subparagraph (a) of this Paragraph.
(7) Being subject to another jurisdiction approved by the commissioner and doing all of the following:
(a) Establishing and maintaining an information security program pursuant to such statutes, rules, regulations, procedures, or guidelines established by another jurisdiction.
(b) Complying with and submitting a written statement certifying its compliance with the information security program established and maintained pursuant to Subparagraph (a) of this Paragraph.
B. In the event that a licensee ceases to qualify for an exemption pursuant to Subsection A of this Section, the licensee shall have one hundred eighty days to comply with the provisions of this Chapter.
C. A licensee that is subject to La. Rev. Stat. 51:3076 shall be exempt from the provisions of La. Rev. Stat. 22:2506 if the licensee does all of the following:
(1) Notifies affected consumers of cybersecurity events relating to the licensee’s insurance business in a manner consistent with the requirements of the Gramm-Leach-Bliley Act.
(2) Notifies the commissioner of cybersecurity events relating to the licensee’s insurance business in a manner consistent with and at the same time as the notice the licensee gives to federal regulatory authorities.
Acts 2020, No. 283, §1.