1. Small business exception. A licensee with fewer than 10 employees, including any independent contractors working for the licensee in the business of insurance, is exempt from section 2264.

[PL 2021, c. 24, §1 (NEW).]

Terms Used In Maine Revised Statutes Title 24-A Sec. 2269

  • health insurance: means insurance of human beings against bodily injury, disablement or death by accident or accidental means, or the expense thereof, or against disablement or expense resulting from sickness, and every insurance appertaining thereto, including provision for the mental and emotional welfare of human beings by defraying the costs of legal services only to the extent provided for in chapter 38. See Maine Revised Statutes Title 24-A Sec. 704
  • Information security program: means the administrative, technical and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of or otherwise handle nonpublic information. See Maine Revised Statutes Title 24-A Sec. 2263
  • Licensee: means a person licensed, authorized to operate or registered or required to be licensed, authorized or registered pursuant to the insurance laws of this State. See Maine Revised Statutes Title 24-A Sec. 2263
  • Nonpublic information: means information that is not publicly available information and is:
A. See Maine Revised Statutes Title 24-A Sec. 2263
  • Public law: A public bill or joint resolution that has passed both chambers and been enacted into law. Public laws have general applicability nationwide.
  • United States: includes territories and the District of Columbia. See Maine Revised Statutes Title 1 Sec. 72

2. Licensees subject to federal law. The following provisions apply to licensees subject to federal law.
    A. A licensee that is subject to and in compliance with the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and related privacy, security and breach notification regulations pursuant to 45 Code of Federal Regulations, Parts 160 and 164 and the federal Health Information Technology for Economic and Clinical Health Act, Public Law 111-5 is considered to meet the requirements of this chapter, other than the requirements of section 2266, subsection 1 for notification to the superintendent, if:

    (1) The licensee maintains a program for information security and breach notification that treats all nonpublic information relating to consumers in this State in the same manner as protected health information;
    (2) The licensee annually submits to the superintendent a written statement certifying that the licensee is in compliance with the requirements of this paragraph; and
    (3) The superintendent has not issued a determination finding that the applicable federal regulations are materially less stringent than the requirements of this chapter. [PL 2021, c. 24, §1 (NEW).]
    B. A licensee that is an insurance producer business entity, as licensed pursuant to section 1420-E, owned by a depository institution and that maintains an information security program in compliance with the standards for safeguarding customer information as set forth pursuant to the federal Gramm-Leach-Bliley Act, 15 United States Code §§ 6801 and 6805 is considered to meet the requirements of section 2264 if:

    (1) Upon request, the licensee produces documentation satisfactory to the superintendent that independently validates the controlling depository institution’s adoption of an information security program that satisfies the standards for safeguarding customer information;
    (2) The licensee annually submits to the superintendent a written statement certifying that the licensee is in compliance with the requirements of this paragraph; and
    (3) The superintendent has not issued a determination finding that the standards for safeguarding customer information are materially less stringent than the requirements of section 2264. [PL 2021, c. 24, §1 (NEW).]

    [PL 2021, c. 24, §1 (NEW).]

    3. Employee, agent, representative or designee also a licensee. An employee, agent, representative or designee of a licensee that is also a licensee is exempt from section 2264 and need not develop its own information security program to the extent that the employee, agent, representative or designee is covered by the information security program of the other licensee.

    [PL 2021, c. 24, §1 (NEW).]

    If a licensee ceases to qualify for an exception under this section, the licensee has 180 days to comply with this chapter. [PL 2021, c. 24, §1 (NEW).]
    SECTION HISTORY

    PL 2021, c. 24, §1 (NEW).