375.1417. Exceptions to act. — 1. The following exceptions shall apply to sections 375.1400 to 375.1427:
(1) A licensee with fewer than ten employees, including any independent contractors, is exempt from the provisions of section 375.1405;
(2) A licensee subject to and governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, 45 CFR 160 and 164, established under the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191, and the Health Information Technology for Economic and Clinical Health Act (HITECH), Pub. L. 111-5, and that maintains nonpublic information in the same manner as protected health information shall be deemed to comply with the requirements of sections 375.1400 to 375.1427, except for the director notification requirements in subsections 1 and 2 of section 375.1410;
(3) An employee, agent, representative, or designee of a licensee, who is also a licensee, is exempt from section 375.1405 and need not develop its own information security program to the extent that the employee, agent, representative, or designee is covered by the information security program of the other licensee;
(4) Producers that have fewer than fifty employees; less than five million dollars in gross annual revenue; or less than ten million dollars in year-end total assets; and
(5) A licensee affiliated with a depository institution that maintains an information security program in compliance with the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Interagency Guidelines) as set forth under Sections 501 and 505 of the federal Gramm-Leach-Bliley Act, Pub. L. 106-102, shall be considered to meet the requirements of section 375.1405 and any rules, regulations, or procedures established thereunder, provided that the licensee produces, upon request, documentation satisfactory to the director that independently validates the affiliated depository institution's adoption of an information security program that satisfies the interagency guidelines.
2. In the event that a licensee ceases to qualify for an exception, such licensee shall have one hundred eighty calendar days to comply with sections 375.1400 to 375.1427.
---- end of effective 01 Jan 2026 ----
|
|
|||
| Click here for the Reorganization Act of 1974 - or - Concurrent Resolutions Having Force & Effect of Law | |||
| In accordance with Section 3.090, the language of statutory sections enacted during a legislative session are updated and available on this website on the effective date of such enacted statutory section. |
|
||
|
|
|||
| Recent Sections | Editorials | May Be Cited As | Tables & Forms | Multiple Enact |
| Repeal & Transfer | Definitions | End Report | ||
|
|
||||
| Site changes | Pictures | Contact | ||
| Legislative Research | Oversight | MOLIS | |||
| Library | MO WebMasters |
| Errors / suggestions - WebMaster@LR.mo.gov |
|
©Missouri Legislature, all rights reserved. | |||||||
|
|
|
|
|
|||||
