Sec. 21.23.399. Definitions.
593 words·~3 min read·
/ak/title-21/chapter-23/21-23-399A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Sec. 21.23.399. Definitions.
In AS 21.23.240 — 21.23.399,
(1)“consumer” means an individual who is a resident of the state and whose nonpublic information is in a licensee's possession or control;
(2)“cybersecurity event”
(A)means an event resulting in unauthorized access to or disruption or misuse of an information system or information stored on the information system;
(B)does not include
(i)the unauthorized acquisition of encrypted nonpublic information if the encryption's process or key is not also acquired, released, or used without authorization; or
(ii)an event in which the licensee has determined that nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed;
(3)“encrypt” means transforming of data into a form that results in a low probability of assigning meaning without the use of a protective process or key;
(4)“information security program” means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information;
(5)“information system” means
(A)a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of electronic information; or
(B)a specialized system that may include an industrial or process control system, a telephone switching and private branch exchange system, or an environmental control system;
(6)“licensee”
(A)means a person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered, under this title;
(B)does not include a purchasing group or a risk retention group chartered and licensed in a state other than this state or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction;
(7)“nonpublic information” means electronic information that is not publicly available information and that is
(A)business-related information of a licensee, the tampering with which, or unauthorized disclosure, access, or use of which, would cause a material adverse effect to the business, operations, or security of the licensee;
(B)information concerning a consumer that, because of a name, number, personal mark, or other identifier, can be used to identify the consumer in combination with one or more of the following data elements:
(i)a social security number;
(ii)a driver's license number or identification card number;
(iii)a financial account, credit card, or debit card number;
(iv)a security code, access code, or password that would permit access to a consumer's financial account; or
(v)a biometric record; or
(C)information or data, except age or gender, in any form created by or derived from a health care provider or a consumer that can be used to identify a particular consumer and relates to
(i)the past, present, or future physical, mental, or behavioral health or condition of a consumer or a member of the consumer's family;
(ii)the provision of health care to a consumer; or
(iii)payment for the provision of health care to a consumer;
(8)“person” means an individual or a nongovernmental entity;
(9)“publicly available information” means information that a licensee has determined is made available to the general public from
(A)a federal, state, or local government record;
(B)a widely distributed media; or
(C)a disclosure to the general public that is required under federal, state, or local law;
(10)“third-party service provider” means a person that is not a licensee that, through a contract with a licensee, is permitted access to and maintains, processes, or stores nonpublic information through its provision of services to the licensee.