Quick Facts
Breach Based on Harm Threshold: YES
Deadline for Consumer Notice: No later than 30 days
Government Notification Required: YES, if 500+ residents notified
More Details
Scope of this Summary
Covered Info
First name or first initial and last name, plus: Social Security number; driver's license, state identification card, passport, military identification, or other government-issued number to verify identity; financial account, credit, or debit card number in combination with any required code or password that would permit access to a financial account; info regarding medical history, mental/physical condition, or medical treatment/diagnosis; or health insurance policy or subscriber identification number and any unique identifier used by health insurer.
Covered info also includes a username or email address in combination with password or security question and answer that would permit access to online account.
Form of Covered Info
Encryption Safe Harbor
Breach Defined
Consumer Notice
Timing: Must be made as expeditiously as practicable and without unreasonable delay, but no later than 30 days after determination of breach or reason to believe breach occurred, consistent with time necessary to determine scope of the breach, identify those affected, and restore the reasonable integrity of the system. May receive 15 more days if good cause for delay provided to Dept. of Legal Affairs within original 30 days.
Content: Notice must include the date(s) of the breach, a description of the covered info that was or is reasonably believed to have been accessed, and the covered entity's contact info.
Method: By written notice or email. Substitute notice is available if certain criteria are satisfied.
Delayed Notice
Harm Threshold
Government Notice
Consumer Reporting Agency Notice
Third-Party Notice
Potential Penalties
This summary is for informational purposes only. It provides general information and not legal advice or opinions regarding specific facts. Additional requirements or conditions may apply to any or all provisions referenced herein. For more information about the state data breach notification laws or other data security matters, please seek the advice of counsel.
Last revised on July 26, 2018