Breach Based on Harm Threshold: YES
Deadline for Consumer Notice: No later than 30 days
Government Notification Required: YES, if 500+ residents notified
Scope of this Summary
First name or first initial and last name, plus: Social Security number; driver's license, state identification card, passport, military identification, or other government-issued number to verify identity; financial account, credit, or debit card number in combination with any required code or password that would permit access to a financial account; info regarding medical history, mental/physical condition, or medical treatment/diagnosis; or health insurance policy or subscriber identification number and any unique identifier used by health insurer.
Covered info also includes a username or email address in combination with password or security question and answer that would permit access to online account.
Form of Covered Info
Encryption Safe Harbor
Timing: Must be made as expeditiously as practicable and without unreasonable delay, but no later than 30 days after determination of breach or reason to believe breach occurred, consistent with time necessary to determine scope of the breach, identify those affected, and restore the reasonable integrity of the system. May receive 15 more days if good cause for delay provided to Dept. of Legal Affairs within original 30 days.
Content: Notice must include the date(s) of the breach, a description of the covered info that was or is reasonably believed to have been accessed, and the covered entity's contact info.
Method: By written notice or email. Substitute notice is available if certain criteria are satisfied.