Sec. 214. Content of notification
253 words·~1 min read·
/bill/115/s/2124/is/section-214A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Regardless of the method by which notice is provided to individuals under section 213, such notice shall include, to the extent possible— a general description of the incident and the date or estimated date of the security breach and the date range during which the sensitive personally identifiable information was compromised; a description of the categories of sensitive personally identifiable information that was, or is reasonably believed to have been, accessed or acquired by an unauthorized person; the acts the covered entity, or the agent of the covered entity, has taken to protect sensitive personally identifiable information from further security breach; at the discretion of the covered entity, reasonable advice on steps the individual may take to protect himself or herself; if applicable, an offer to provide appropriate identity theft prevention and mitigation services, as described in section 211(a)(2); a toll-free number— that the individual may use to contact the covered entity, or the agent of the covered entity; and from which the individual may learn what types of sensitive personally identifiable information the covered entity maintained about that individual; and the toll-free contact telephone numbers and addresses for the major credit reporting agencies if the sensitive personally identifiable information that was breached could be used to commit financial fraud or identity theft.
Regardless of whether a covered entity or a designated third party provides the notice required pursuant to section 211(b), such notice shall include the name of the covered entity that has the most direct relationship with the individual being notified.