Breach Based on Harm Threshold: YES
Deadline for Consumer Notice: Most expedient time possible, but not later than 45 days following discovery of the security breach
Government Notification Required: YES, if >1,000 residents notified
Scope of this Summary
Form of Covered Info
Encryption Safe Harbor
Timing: Must be made in the most expedient time possible, but not later than 45 calendar days following discovery of the breach, subject to the delay provision discussed below.
Content: Notice must contain: name and contact info of covered entity; list of covered info reasonably believed to have been subject to breach; date, estimated date, or range of dates breach occurred, if known; general description of incident; toll-free numbers and addresses of the major CRAs; advice directing recipient to review personal account statements and credit reports, as applicable; advice informing recipient of their rights pursuant to the federal Fair Credit Reporting Act.
Method: By written notice or electronic notice (if primary method of communication with resident or if consistent with E-SIGN). Substitute notice is available if certain criteria are satisfied.