A. The Insurance Commissioner may promulgate any rules necessary to carry out the provisions of this section. B. 1. The following exceptions shall apply to this act: a. a licensee with less than Five Million Dollars ($5,000,000.00) in gross annual revenue, is exempt from this act, b. a licensee subject to the Health Insurance Portability and Accountability Act, Pub. L. 104–191, 110 Stat. 1936, as amended, that has established and maintains an information security program pursuant to such statutes, rules, regulations, procedures, or guidelines established thereunder, will be considered to meet the requirements of Section 4 of this act, provided that the licensee is compliant with and submits a written statement to the Commissioner certifying its compliance with the same, c. a licensee subject to Title V of the federal Gramm- Leach-Bliley Act of 1999 (15 U.S.C. Sections 6801-6809 and 6821-6827) that has established and maintains an information security program pursuant to such, statutes, rules, regulations, procedures, or guidelines established thereunder, will be considered to meet the requirements of Section 4 of this act, provided that the licensee is compliant with and submits a written statement to the Commissioner certifying its compliance with the same, and d. an employee, agent, representative, or designee of a licensee, who is also a licensee, is exempt from this act and shall not be required to develop their own information security program to the extent that the employee, agent, representative, or designee is covered by the information security program of the licensee. 2. If a licensee ceases to qualify for an exception, the licensee shall have one hundred eighty (180) days to comply with the provisions of this act. C. In the case of a violation of this act, a licensee may be penalized in accordance with any applicable sections of the Insurance Code, including, but not limited to, Section 908 of Title 36 of the Oklahoma Statutes, or any other provision providing for penalties that the licensee is subject to under the license or permit of the licensee. Nothing in this act shall be construed to impose any civil liability for any violation of this act or omission to act by the licensee or employees of the licensee. D. The provisions of this act shall take precedence over any other state laws applicable to licensees for data security and the investigation of a cybersecurity event.
‹ Prev All Oklahoma sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.