RSA 420-P:6 Notification of a Cybersecurity Event.

Title: XXXVII - INSURANCE Chapter: 420-P - INSURANCE DATA SECURITY LAW

I. Each licensee shall notify the commissioner within 3 business days of a determination that a cybersecurity event has occurred when either of the following criteria has been met:
(a) New Hampshire is the licensee's state of domicile, in the case of an insurer, or this state is the licensee's home state, in the case of a producer, as those terms are defined in RSA 402-J, and the cybersecurity event has a reasonable likelihood of materially harming a consumer residing in this state or reasonable likelihood of materially harming any material part of the normal operations of the licensee; or
(b) The licensee reasonably believes that the nonpublic information involves 250 or more consumers residing in New Hampshire and that the cybersecurity event:
(1) Impacts the lic

Log in to read the full statute text and search all NH RSAs.

Read Full Statute