RSA 420-P:5 Investigation of a Cybersecurity Event.

Title: XXXVII - INSURANCE Chapter: 420-P - INSURANCE DATA SECURITY LAW

I. If the licensee learns that a cybersecurity event has or may have occurred, the licensee or an outside vendor and/or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation.
II. During the investigation, the licensee, or an outside vendor and/or service provider designated to act on behalf of the licensee, shall, at a minimum determine as much of the following information as possible:
(a) Whether a cybersecurity event has occurred.
(b) The nature and scope of the cybersecurity event.
(c) Identify any nonpublic information that may have been involved in the cybersecurity event.
(d) Perform or oversee reasonable measures to restore the security of the information systems compromised in the cybersecurity event

Log in to read the full statute text and search all NH RSAs.

Read Full Statute