Investor Presentaiton
Question:
Independent of the provisions that apply to producers as licensees - are
licensed agents/producers considered to be TPSPs for purposes of a
licensee's obligations under this section? Stated another way, do
licensed producers have dual obligations as "licensees" and as "TPSPs"?
The act defines "Third-party service provider" as "a person not otherwise defined as a licensee that
contracts with a licensee to maintain, process, store or otherwise is permitted access to nonpublic
information through its provision of services to the licensee." Therefore, under the definition, a
licensed agent or producer is not a TPSP.
Section 38-99-70(A)(2) states that a Licensee who is an "employee, agent, representative or
designee of a Licensee...is exempt from ...and “need not develop its own cybersecurity program to
the extent that the employee, agent, representative or designee is covered by the cybersecurity
program of the other licensee." This exemption requires an entire employee, agent, representative
or designee to be fully covered by the program of another Licensee. Therefore, a Licensee who is an
employee, agent, representative or designee of more than one other Licensee will only qualify for a
Section 38-99-70(A)(2) exemption where the cybersecurity program of at least one of its parent
Covered Entities Fully covers all aspects of the employee's, agent's representative's or designee's
business.View entire presentation