Can I skip having an information security program in place in South Dakota? What are the requirements?

Based on the provided context documents, it is not clear whether you can skip having an information security program in place in South Dakota. However, the North Dakota Insurance Department requires licensees to have an information security program in place that meets certain requirements ^[4].

Licensees of the North Dakota Insurance Department include companies, agencies, third party administrators, and others required to be licensed by the department ^[4]. Beginning August 1, 2023, licensees must exercise due diligence when using and selecting a third-party service provider, and the third-party service provider must also have an information security program that meets the requirements of NDCC 26.1-02.2 ^[4].

If you have less than $5 million of gross revenue, less than $10 million in assets, less than 25 employees, or are an employee, agent, representative, or designee of a licensee who is also a licensee, you may be exempt from implementing, developing, and maintaining an information security program ^[4].

Therefore, it is important to review the specific requirements for your situation and consult with legal counsel to ensure compliance with applicable laws and regulations.

Source(s):

• [4] Cybersecurity Reporting | North Dakota Insurance Department

Jurisdiction

South Dakota

• Privacy