2-6-501. Definitions. For the purposes of this part, the following definitions apply:
(1) "Breach of the security of a data system" or "breach" means unauthorized acquisition of computerized data that:
(a) materially compromises the security, confidentiality, or integrity of the personal information maintained by a state agency or by a third party on behalf of the state agency; and
(b) causes or is reasonably believed to cause loss or injury to a person.
(2) "Individual" means a human being.
(3) "Person" means an individual, a partnership, a corporation, an association, or a public organization of any character.
(4) (a) "Personal information" means a first name or first initial and last name in combination with any one or more of the following data elements when the name and the data elements are not encrypted:
(i) a social security number or tax identification number;
(ii) a driver's license number, an identification number issued pursuant to 61-12-501, a tribal identification number or enrollment number, or a similar identification number issued by any state, the District of Columbia, the Commonwealth of Puerto Rico, Guam, the Virgin Islands, or American Samoa; or
(iii) an account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to a person's financial account.
(b) The term does not include publicly available information that is lawfully made available to the general public from federal, state, local, or tribal government records.
(5) "Redaction" means the alteration of personal information contained within data to make all or a significant part of the data unreadable. The term includes truncation, which means that no more than the last four digits of an identification number are accessible as part of the data.
(6) (a) "State agency" means an agency, authority, board, bureau, college, commission, committee, council, department, hospital, institution, office, university, or other instrumentality of the legislative or executive branch of state government. The term includes an employee of a state agency acting within the course and scope of employment.
(b) The term does not include an entity of the judicial branch.
(7) "Third party" means:
(a) a person with a contractual obligation to perform a function for a state agency; or
(b) a state agency with a contractual or other obligation to perform a function for another state agency.
History: En. Sec. 1, Ch. 163, L. 2009.