2-6-1501. Definitions. As used in this part, the following definitions apply:
(1) "Breach of the security of a data system" or "breach" means the unauthorized acquisition of computerized data that:
(a) materially compromises the security, confidentiality, or integrity of the personal information maintained by a state agency or by a third party on behalf of a state agency; and
(b) causes or is reasonably believed to cause loss or injury to a person.
(2) "Individual" means a human being.
(3) "Person" means an individual, a partnership, a corporation, an association, or a public organization of any character.
(4) (a) "Personal information" means a first name or first initial and last name in combination with any one or more of the following data elements when the name and data elements are not encrypted:
(i) a social security number;
(ii) a driver's license number, an identification card number issued pursuant to 61-12-501, a tribal identification number or enrollment number, or a similar identification number issued by any state, the District of Columbia, the Commonwealth of Puerto Rico, Guam, the Virgin Islands, or American Samoa;
(iii) an account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to a person's financial account;
(iv) medical record information as defined in 33-19-104;
(v) a taxpayer identification number; or
(vi) an identity protection personal identification number issued by the United States internal revenue service.
(b) The term does not include publicly available information from federal, state, local, or tribal government records.
(5) "Redaction" means the alteration of personal information contained within data to make all or a significant part of the data unreadable. The term includes truncation, which means that no more than the last four digits of an identification number are accessible as part of the data.
(6) (a) "State agency" means an agency, authority, board, bureau, college, commission, committee, council, department, hospital, institution, office, university, or other instrumentality of the legislative or executive branch of state government. The term includes an employee of a state agency acting within the course and scope of employment.
(b) The term does not include an entity of the judicial branch.
(7) "Third party" means:
(a) a person with a contractual obligation to perform a function for a state agency; or
(b) a state agency with a contractual or other obligation to perform a function for another state agency.
History: En. Sec. 25, Ch. 348, L. 2015; amd. Sec. 61, Ch. 348, L. 2015.