(a) A person shall not disclose any nonpublic personal information contrary to the provisions of Title V of the Gramm-Leach-Bliley Act, Pub. L. No. 106-102.
(b)
(1) The Insurance Commissioner shall adopt rules governing the treatment of consumer financial and protected health information by the Arkansas Comprehensive Health Insurance Pool and by all licensed insurers, health maintenance organizations, or other insuring health entities regulated by the commissioner, producers, and other persons licensed or required to be licensed, authorized or required to be authorized, or registered or required to be registered by the commissioner.
(2)
(A) An entity or person described in subdivision (b)(1) of this section or a legal entity engaged in the business of insurance, including without limitation an individual, corporation, association, partnership, reciprocal exchange, interinsurer, Lloyd's insurer, fraternal benefit society, agent, broker, and adjuster, shall:
(i) Provide notification of a data breach to the commissioner in the same time and manner as required under § 4-110-105; and
(ii) Comply with all requirements for disclosure and notification of a data breach as required under § 4-110-105.
(B)
(i) This section does not affect the right of the commissioner to impose other penalties provided for in the insurance laws of this state.
(ii) The commissioner may promulgate rules necessary for or as an aid to the effectuation of any provision of the Arkansas Insurance Code.
(c)
(1) The commissioner shall waive any provision of this section that creates a conflict with similar federal laws or regulations, or which, due to the enactment of any similar federal laws or regulations, creates an undue burden or increased financial or operational demands upon a person or entity described in subdivision (b)(1) of this section in order to comply with this section, the rules to be promulgated by the commissioner, and similar federal laws and regulations.
(2) A person or entity described in subdivision (b)(1) of this section may request a hearing before the commissioner to seek the waiver referenced in subdivision (c)(1) of this section.
(3)
(A) Under § 23-61-307, a person or entity described in subdivision (b)(1) of this section is entitled to appeal the commissioner's decision to deny a waiver.
(B) In an appeal under this section, the commissioner shall be named as defendant.
(C) In any such action, the commissioner may defend the action in his or her discretion.