Scope of this Summary
Form of Covered Info
Encryption Safe Harbor
Timing: Notice required within 45 days of determination that a breach has occurred.
Method: By written notice; email notice if the person has email addresses for the individuals who are subject to the notice; or telephonic notice, if telephonic contact is made directly with the affected individuals and is not through a prerecorded message. Substitute notice is available if certain criteria are satisfied.
Content: Subject to other elements, notice must include: the approximate date of the breach; type of PI included in the breach; the toll-free telephone numbers and addresses of the three largest credit reporting agencies; and the toll-free number, address and website for the FTC or any federal agency that assists consumers with identity theft matters.