Nev. Rev. Stat. § 675.284

Current through 82nd (2023) Legislative Session Chapter 535 and 34th (2023) Special Session Chapter 1 and 35th (2023) Special Session Chapter 1
Section 675.284 - Notification of breach of security of computerized data system: Required notification to Attorney General under certain circumstances
1. A licensee who is required to notify more than 500 residents of this State pursuant to NRS 675.283 as the result of a single breach shall notify the Attorney General of the breach not more than 30 days after the date on which the licensee discovered or was notified of the breach. The notification must include, without limitation:
(a) The number of residents of this State affected or estimated to be affected by the breach.
(b) A list of the types of personal information that were or are reasonably believed to have been subject to the breach.
(c) The period of time, if known, in which personal information was potentially subject to acquisition by unauthorized persons as a result of the breach, including, without limitation, the date of the breach and the date upon which the licensee discovered or was notified of the breach.
(d) A summary of the actions taken to contain the breach.
(e) A sample copy of the notification the licensee provided to persons affected or reasonably believed to be affected by the breach which excludes any personally identifiable information.
2. If any of the information described in subsection 1 is unavailable to a licensee at the time the licensee submits the notification to the Attorney General, the licensee shall promptly provide the information to the Attorney General after the information becomes available to the licensee.

NRS 675.284

Added to NRS by 2023, 3476
Added by 2023, Ch. 527,§10, eff. 10/1/2023.