Investor Presentaiton slide image

Investor Presentaiton

Question: Independent of the provisions that apply to producers as licensees - are licensed agents/producers considered to be TPSPs for purposes of a licensee's obligations under this section? Stated another way, do licensed producers have dual obligations as "licensees" and as "TPSPs"? The act defines "Third-party service provider" as "a person not otherwise defined as a licensee that contracts with a licensee to maintain, process, store or otherwise is permitted access to nonpublic information through its provision of services to the licensee." Therefore, under the definition, a licensed agent or producer is not a TPSP. Section 38-99-70(A)(2) states that a Licensee who is an "employee, agent, representative or designee of a Licensee...is exempt from ...and “need not develop its own cybersecurity program to the extent that the employee, agent, representative or designee is covered by the cybersecurity program of the other licensee." This exemption requires an entire employee, agent, representative or designee to be fully covered by the program of another Licensee. Therefore, a Licensee who is an employee, agent, representative or designee of more than one other Licensee will only qualify for a Section 38-99-70(A)(2) exemption where the cybersecurity program of at least one of its parent Covered Entities Fully covers all aspects of the employee's, agent's representative's or designee's business.
View entire presentation