Learn About The Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Current as of January 01, 2025 | Updated by Findlaw Staff
(a) A licensee's information security program shall be designed to:
(1) Protect the security and confidentiality of nonpublic information and the security of the information system;
(2) Protect against any threats or hazards to the security or integrity of nonpublic information and the information system;
(3) Protect against unauthorized access to or use of nonpublic information, and minimize the likelihood of harm to any consumer; and
(4) Define and periodically reevaluate a schedule for retention of nonpublic information and a mechanism for its destruction when no longer needed.
(b) Regarding risk assessment, the licensee shall:
(1) Designate one or more employees, an affiliate, or a third-party service provider to act on behalf of the licensee who is responsible for the information security program;
(2) Identify reasonably foreseeable internal or external threats that could result in unauthorized access, transmission, disclosure, misuse, alteration, or destruction of nonpublic information, including the security of information systems and nonpublic information that are accessible to or held by third-party service providers;
(3) Assess the likelihood and potential damage of the reasonably foreseeable internal or external threats, taking into consideration the sensitivity of the nonpublic information;
(4) Assess the sufficiency of policies, procedures, information systems, and other safeguards in place to manage the reasonably foreseeable internal or external threats, including consideration of threats in each relevant area of the licensee's operations, including:
(A) Employee training and management;
(B) Information systems, including network and software design, as well as information classification, governance, processing, storage, transmission, and disposal; and
(C) Detecting, preventing, and responding to attacks, intrusions, or other systems failures; and
(5) Implement information safeguards to manage the threats identified in its ongoing assessment, and no less than annually, assess the effectiveness of the safeguards' key controls, systems, and procedures.
Cite this article: FindLaw.com - Hawaii Revised Statutes Division 2. Business § 431:3B-202 - last updated January 01, 2025 | https://codes.findlaw.com/hi/division-2-business/hi-rev-st-sect-431-3b-202/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.