Section Saf-C 5602.09 - Bulk User Requirements.(a) Any bulk users authorized pursuant to Saf-C 5602.08(c), shall complete the following requirements prior to receiving any motor vehicle record information: (1) Provide a copy of the bulk user's data privacy and security policy;(2) Provide the department with a list of all users of the information. Include a spreadsheet listing Customer Name, Address, Customer Contact Name, Email Address, and Phone Number. For each customer, indicate the statutorily authorized use under which motor vehicle records will be obtained. Such list shall not be a public record subject to disclosure pursuant to RSA 91-A;(3) Certify compliance with RSA 260:14;(4) Provide the most recent copy of an Independent Service Auditor's Report related to the suitability of design and operating effectiveness of controls relevant to security, confidentiality, availability, processing integrity, and privacy (AICPA SOC 2, Type II Report);(5) Provide a copy of certificate of good standing from the New Hampshire secretary of state's office as well as secretary of state from a state where the company is registered; and(6) Provide a certificate of authority if the bulk user will be acting as an authorized agent.(b) If a request is approved, then the requester shall:(1) Complete the bulk data use agreement;(2) Submit a certificate of authority or a certificate of vote providing authorization to enter into contracts on behalf of your company.(3) Provide a copy of the form that the requestor will require all users to complete, prior to granting access to New Hampshire motor vehicle records, that will certify the users' compliance with RSA 260:14 and these rules. The form shall include a conspicuous notice to the subsequent user that they are prohibited from reselling, transferring, or assigning any motor vehicle record information unless it is authorized by RSA 260:14, VI(b) and complies with RSA 260:14, VI(c); and(4) Submit the appropriate fee.(c) The bulk data user agreement shall be in effect for 3 years from the date of the commissioner's approval. An annual recertification will be approved by the department upon a submission of the following: (1) A completed annual recertification form, DSMV 494A,(2) An annual administrative fee,(3) Certification of compliance with RSA 260:14,(4) Updated SOC 2, Type II Report(5) Copy of certificate of good standing from the New Hampshire secretary of state's office as well as secretary of state from a state where the company is registered,(6) Current certificate of authority if the bulk user will be acting as an authorized agent,(7) Any fee increases during the 3 year period shall be applicable to the requestor.(d) The bulk data user shall immediately report to the department any data breaches or any information pertaining to the records provided by the department.(e) Any changes to any items that have been approved by the division, must be requested in writing on the bulk applicant's letterhead for approval. Records may not be shared with customers who were not on the list submitted with the bulk data user's approved application until specifically authorized by the department.N.H. Admin. Code § Saf-C 5602.09
#6403, EXEMPT, eff 1-1-97; rpld and ss by #7361, EXEMPT, eff 9-1-00; ss by #7621, EXEMPT, eff 1-1-02
Amended by Volume XLI Number 6, Filed February 11, 2021, Proposed by #13152, Effective 12/31/2020, Expires EXEMPT.