Learn About the Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Current as of January 01, 2022 | Updated by FindLaw Staff
<Licensees, other than risk retention groups chartered and licensed in this State, shall have until July 1, 2022 to implement this section. See Laws 2021, ch. 112, § 6.>
<Risk retention groups chartered and licensed in this State shall have until July 1, 2023 to implement this section. See Laws 2021, ch. 112, § 6.>
Based on its risk assessment, the licensee shall:
(1) Design its information security program to mitigate the identified risks, commensurate with the size and complexity of the licensee's activities, including its use of third-party service providers, and the sensitivity of the nonpublic information used by the licensee or in the licensee's possession, custody, or control;
(2) Determine which security measures listed in this paragraph are appropriate and implement those security measures:
(A) Place access controls on information systems, including controls to authenticate and permit access only to authorized individuals to protect against the unauthorized acquisition of nonpublic information;
(B) Identify and manage the data, personnel, devices, systems, and facilities that enable the licensee to achieve business purposes in accordance with their relative importance to business objectives and the licensee's risk strategy;
(C) Restrict access at physical locations containing nonpublic information only to authorized individuals;
(D) Protect by encryption or other appropriate means, all nonpublic information while being transmitted over an external network and all nonpublic information stored on a laptop computer or other portable computing or storage device or media;
(E) Adopt secure development practices for in-house developed applications used by the licensee and procedures for evaluating, assessing, or testing the security of externally developed applications used by the licensee;
(F) Modify the information system in accordance with the licensee's information security program;
(G) Use effective controls, which may include multi-factor authentication procedures for any individual accessing nonpublic information;
(H) Regularly test and monitor systems and procedures to detect actual and attempted attacks on, or intrusions into, information systems;
(I) Include audit trails within the information security program designed to detect and respond to cybersecurity events and reconstruct material financial transactions sufficient to support normal operations and obligations of the licensee;
(J) Implement measures to protect against destruction, loss, or damage of nonpublic information due to environmental hazards, such as fire and water damage or other catastrophes or technological failures; and
(K) Develop, implement, and maintain procedures for the secure disposal of nonpublic information in any format;
(3) Include cybersecurity risks in the licensee's enterprise risk management process;
(4) Stay informed regarding emerging threats or vulnerabilities and use reasonable security measures when sharing information relative to the character of the sharing and the type of information shared; and
(5) Provide its personnel with cybersecurity awareness training that is updated as necessary to reflect risks identified by the licensee in the risk assessment.
Cite this article: FindLaw.com - Hawaii Revised Statutes Division 2. Business § 431:3B-203 - last updated January 01, 2022 | https://codes.findlaw.com/hi/division-2-business/hi-rev-st-sect-431-3b-203/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.
A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Search our directory by legal issue
Enter information in one or both fields (Required)