Section 2307 - Notice exemption(a) Information privacy or security policy.--An entity that maintains its own notification procedures as part of an information privacy or security policy for the treatment of personal information and is consistent with the notice requirements of this act shall be deemed to be in compliance with the notification requirements of this act if it notifies subject persons in accordance with its policies in the event of a breach of security of the system.(b) Compliance with Federal requirements.--(1) A financial institution that complies with the notification requirements prescribed by the Federal Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice is deemed to be in compliance with this act.(2) An entity, a State agency or a State agency's contractor, that complies with the notification requirements or procedures pursuant to the rules, regulations, procedures or guidelines established by the entity's , State agency's or State agency's contractor's primary State or functional Federal regulator, shall be in compliance with this act.Amended by P.L. TBD 2022 No. 151, § 5, eff. 5/2/2023. 2005 , Dec. 22, P.L. 474, No. 94, §7, effective in 180 days [ 6/20/2006].