More Details
Scope of this Summary
Covered Info
Form of Covered Info
Encryption Safe Harbor
Breach Defined
Consumer Notice
Timing: Notice required within 45 days of determination that a breach has occurred.
Method: By written notice; email notice if the person has email addresses for the individuals who are subject to the notice; or telephonic notice, if telephonic contact is made directly with the affected individuals and is not through a prerecorded message. Substitute notice is available if certain criteria are satisfied.
Content: Subject to other elements, notice must include: the approximate date of the breach; type of PI included in the breach; the toll-free telephone numbers and addresses of the three largest credit reporting agencies; and the toll-free number, address and website for the FTC or any federal agency that assists consumers with identity theft matters.
Government Notice
Consumer Reporting Agency Notice
Delayed Notice
Harm Threshold
Third-Party Notice
Potential Penalties
This summary is for informational purposes only. It provides general information and not legal advice or opinions regarding specific facts. Additional requirements or conditions may apply to any or all provisions referenced herein. For more information about the state data breach notification laws or other data security matters, please seek the advice of counsel.
Last revised on July 26, 2019