(1) The following exceptions shall apply to this article:
(a) A licensee meeting any of the following criteria is exempt from Sections 83–5-807, 83-5-809(3) and 83–5-811(4)(a) and (b):
(i) Fewer than fifty (50) employees, excluding any independent contractors;
(ii) Less than Five Million Dollars ($5,000,000.00) in gross annual revenue;
(iii) Less than Ten Million Dollars ($10,000,000.00) in year-end total assets; or
(iv) Insurance producers and adjusters.
(b) A licensee subject to Public Law 104-191, 110 Stat. 1936, enacted August 21, 1996, (Health Insurance Portability and Accountability Act) that has established and maintains an information security program pursuant to such statutes, rules, regulations, procedures or guidelines established thereunder, will be considered to meet the requirements of Section 83–5–807, provided that the licensee is compliant with, and submits a written statement certifying its compliance with, the same.
(c) An employee, agent, representative or designee of a licensee, who is also a licensee, is exempt from Section 83-5-807 and need not develop its own information security program to the extent that the employee, agent, representative or designee is covered by the information security program of the other licensee.
(d) A licensee affiliated with a depository institution that maintains an information security program in compliance with the Interagency Guidelines Establishing Standards for Safeguarding Customer Information as set forth pursuant to Sections 501 and 505 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 and 6805) shall be considered to meet the requirements of Section 83–5–807, provided that the licensee produces, upon request, documentation satisfactory to the commissioner that independently validates the affiliated depository institution’s adoption of an information security program that satisfies the Interagency Guidelines.
(2) In the event that a licensee ceases to qualify for an exception, such licensee shall have one hundred eighty (180) days to comply with this article.