§ 11-49.2-7 - Agencies with security breach procedures.

SECTION 11-49.2-7

   § 11-49.2-7  Agencies with security breach procedures. – Any state agency or person that maintains its own security breach procedures as part of an information security policy for the treatment of personal information and otherwise complies with the timing requirements of § 11-49.2-3, shall be deemed to be in compliance with the security breach notification requirements of § 11-49.2-3, provided such person notifies subject persons in accordance with such person's policies in the event of a breach of security. Any person that maintains such a security breach procedure pursuant to the rules, regulations, procedures or guidelines established by the primary or functional regulator, as defined in 15 USC 6809(2), shall be deemed to be in compliance with the security breach notification requirements of this section, provided such person notifies subject persons in accordance with the policies or the rules, regulations, procedures or guidelines established by the primary or functional regulator in the event of a breach of security of the system. A financial institution, trust company, credit union or its affiliates that is subject to and examined for, and found in compliance with the Federal Interagency Guidelines on Response Programs for Unauthorized Access to Customer Information and Customer Notice shall be deemed in compliance with this chapter. A provider of health care, health care service plan, health insurer, or a covered entity governed by the medical privacy and security rules issued by the federal Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) shall be deemed in compliance with this chapter.